Okta

You can integrate Okta with Cloudflare Access to allow users to reach applications protected by Access with their Okta account.

  1. In your Okta dashboard, click Admin.

  2. Select the Applications tab in the Admin dashboard.

  3. Click Add Application on the next page.

  4. Click Create New App in the top right corner.

  5. Choose Web as the Platform and toggle OpenID Connect. Click Create.

  6. Give the application any name. In the Login redirect URIs field, enter your team domain followed by the callback path /cdn-cgi/access/callback. For example:

    https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback

  7. Once saved, choose the Sign On tab from the application view.

  8. Scroll down to the OpenID Connect ID Token section.

  9. Click Edit, then set the Groups claim filter to Matches regex with the value .*.

  10. Next, click the Assignments tab.

  11. Click Assign and assign the application to all users in your organization.

  12. Return to the General tab. Scroll down to find your credentials. Copy the ID and secret.

  13. On the Teams dashboard, navigate to Settings > Authentication.

  14. Under Login methods, click Add new.

  15. Select Okta as your IdP.

  16. Input the ID, secret, and the Okta account URL.

  17. (Optional) If you have more than 100 Okta groups, create an Okta API token and input the token.

  18. Click Save.

To test that your connection is working, navigate to Settings > Authentication > Login methods and click Test next to Okta.

Example API Configuration

{
    "config": {
        "client_id": "<your client id>",
        "client_secret": "<your client secret>",
        "okta_account": "https://dev-abc123.oktapreview.com"
    },
    "type": "okta",
    "name": "my example idp"
}