Skip to content
Cloudflare for Teams
Visit Cloudflare for Teams on GitHub
Set theme to dark (⇧+D)

One-Time Pin Login

Cloudflare Access can send a one-time PIN (OTP) to approved email addresses as an alternative to configuring an identity provider. You can simultaneously configure an OTP and IdP to allow users to use their own authentication method.

For example, if your team uses Okta® but you’re collaborating with someone outside your organization, use OTP to grant them access.

Set up OTP

To set up OTP to allow guest-user access, you simply add the guest user's email address to a Zero Trust rule and to the group that allows your team to reach the application.

This is the workflow for your guest user:

  1. Select OTP on login to your application.

  2. Enter their email address and click Send me a code.

    Login page

    Access sends a one-time PIN they use to authenticate. This secure PIN expires 10 minutes after the initial request.

  3. Receive a PIN when the email address matches a Policy.

  4. Paste PIN in login page and click Sign in.

    PIN field

  5. Access logs them in.

Example API Config

{    "config": {},    "type": "onetimepin",    "name": "my example idp"}

export const _frontmatter = {"order":12}