Skip to content
Cloudflare for Teams
Visit Cloudflare for Teams on GitHub
Set theme to dark (⇧+D)


You can integrate Okta with Cloudflare Access to allow users to reach applications protected by Access with their Okta account.

  1. In your Okta dashboard, click Admin.

  2. Select the Applications tab in the Admin dashboard.

  3. Click Create App Integration in the top right corner.

  4. In the pop-up dialog, select OpenID Connect.

    OpenID connect option

  5. Choose Web Application as the Application type and click Next.

  6. Enter any name for the application. In the Login redirect URIs field, input your team domain followed by this callback at the end of the path: /cdn-cgi/access/callback. For example:

  7. Specify an assignment. Any value can be selected based on the desired behavior.

  8. Click Save.

  9. From the application view, navigate to the Sign On tab.

  10. Scroll down to the OpenID ConnectID Token.

    OpenID connect option

  11. Click Edit and set the Groups claim filter to Matches regex and the value .*.

  12. Return to the General tab. Scroll down to find your credentials, and copy the ID and secret.

    Client credentials

  13. On the Teams dashboard, navigate to Settings > Authentication.

  14. Under Login methods, click Add new.

  15. Select Okta as your identity provider.

  16. Input the ID, secret, and the Okta account URL.

  17. (optional) Create an Okta API token and enter it in the Teams dashboard (the token can be read-only). This will prevent your Okta groups from failing if you have more than 100 groups.

  18. Click Save.

To test that your connection is working, navigate to Settings > Authentication > Login methods and click Test next to Okta.

Example API Configuration

"config": {
"client_id": "<your client id>",
"client_secret": "<your client secret>",
"okta_account": "",
"type": "okta",
"name": "my example idp"