Cloudflare Docs
Cloudflare Zero Trust
Edit this page on GitHub
Set theme to dark (⇧+D)

Web applications in Access

Cloudflare Access allows you to secure your web applications by acting as an identity aggregator, or proxy. Users can only log in to the application if they meet the criteria you want to introduce.

Cloudflare Access verifies a user’s identity before granting access to your application.

You can protect two types of web applications: SaaS and self-hosted.

  • SaaS applications consist of applications your team relies on that are not hosted by your organization. Examples include Salesforce and Workday. To secure SaaS applications, you must integrate Cloudflare Access with the SaaS application’s SSO configuration.

  • Self-hosted applications consist of internal applications that you host in your own environment. These can be the data center versions of tools like the Atlassian suite or applications created by your own team. To secure self-hosted applications, you must use Cloudflare’s DNS (full setup or partial CNAME setup) and connect the application to Cloudflare.

  • Cloudflare Dashboard SSO are a special type of SaaS application that manages SSO settings for the Cloudflare dashboard and has limited permissions for administrator edits.

  • Private network applications are self-hosted applications that do not have public DNS records, meaning they are not reachable from the public Internet. To allow remote users to access these applications, you must connect the private network to Cloudflare.