Okta

You can integrate Okta with Cloudflare Access to allow users to reach applications protected by Access with their Okta account.

1. In your Okta dashboard, click Admin.

   

2. Select the Applications tab in the Admin dashboard.

   

3. Click Add Application on the next page.

   

4. Click Create New App in the top right corner.

   

5. Choose Web as the Platform and toggle OpenID Connect. Click Create.

   

6. You can name the application to be any value. In the Login redirect URIs field, input your team domain followed by this callback at the end of the path: /cdn-cgi/access/callback. For example:

   https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/callback

   

7. Once saved, choose the Sign On tab from the application view.

   

8. Scroll down to the OpenID ConnectID Token.

   

9. Click Edit and edit the Groups claim filter to Matches regex and the value .*.

   

10. Next, click the Assignments tab.

    

11. Click Assign and assign the application to all users in your organization.

    

12. Return to the General tab. Scroll down to find your credentials. Copy the ID and secret.

    

13. On the Teams dashboard, navigate to Settings > Authentication.

14. Under Login methods, click Add new.

15. Select Okta as your IdP.

16. Input the ID, secret, and the Okta account URL.

17. (optional) Create an Okta API TokenOpen external link and input the token. This will prevent your Okta groups from failing if you have more than 100 groups.

18. Click Save.

To test that your connection is working, navigate to Settings > Authentication > Login methods and click Test next to Okta.

​Example API Configuration

{
    "config": {
        "client_id": "<your client id>",
        "client_secret": "<your client secret>",
        "okta_account": "https://dev-abc123.oktapreview.com",
    },
    "type": "okta",
    "name": "my example idp"
}