Okta

You can integrate Okta with Cloudflare Access to allow users to reach applications protected by Access with their Okta account.

1. In your Okta dashboard, click Admin.

   

2. Select the Applications tab in the Admin dashboard.

   

3. Click Add Application on the next page.

   

4. Click Create New App in the top right corner.

   

5. Choose Web as the Platform and toggle OpenID Connect. Click Create.

   

6. You can name the application to be any value. In the Login redirect URIs field, input your team domain followed by this callback at the end of the path: /cdn-cgi/access/callback. For example:

   https://your-team-name.cloudflareaccess.com/cdn-cgi/access/callback

   

7. Once saved, choose the Sign On tab from the application view.

   

8. Scroll down to the OpenID ConnectID Token.

   

9. Click Edit and edit the Groups claim filter to Starts with and the value .*.

   

10. Next, click the Assignments tab.

    

11. Click Assign and assign the application to all users in your organization.

    

12. Return to the General tab. Scroll down to find your credentials. Copy the ID and secret.

    

13. On the Teams dashboard, navigate to Access > Authentication.

14. Click + Add under Login Methods, and select Okta as your IdP.

14. Input the ID, secret, and the Okta account URL. Click Save.

To test that your connection is working, navigate to Authentication > Login methods and click Test next to Okta.

​Example API Configuration

{    "config": {        "client_id": "<your client id>",        "client_secret": "<your client secret",        "okta_account": "https://dev-abc123.oktapreview.com",    },    "type": "okta",    "name": "my example idp"}