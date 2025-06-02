Provision with Okta
- In the Okta dashboard, go to Applications > Applications.
- Select Browse App Catalog.
- Locate and select SCIM 2.0 Test App (OAuth Bearer Token).
- Select Add Integration and name your integration.
- Enable the following options:
- Do not display application icon to users
- Do not display application icon in the Okta Mobile App
- Disable Automatically log in when user lands on login page.
- Select Next, then select Done.
- In your integration page, go to Provisioning > Configure API Integration.
- Enable Enable API Integration.
- In SCIM 2.0 Base URL, enter:
https://api.cloudflare.com/client/v4/accounts/<accountID>/scim/v2, substituting
accountIDfor your Cloudflare Account ID.
- In the OAuth Bearer Token field, enter your API token value.
- Deselect Import Groups.
- In Provisioning to App, select Edit.
- Enable Create Users and Deactivate Users. Select Save.
- Select Done.
- In the Assignments tab, add the users you want to synchronize with Cloudflare dashboard. You can add users in batches by assigning a group. If a user is removed from the application assignment via either direct user assignment or removed from the group that was assigned to the app, this will trigger a deprovisioning event from Okta to Cloudflare.
- In the Push Groups tab, add the Okta groups you want to synchronize with Cloudflare dashboard. View these Okta groups in the dashboard under Manage Account > Manage members > Members > User Groups.
To verify the integration, select View Logs in the Okta SCIM application, and check the Audit Logs in the Cloudflare dashboard by navigating to Manage Account > Audit Log.
This will provision all of the users in the group(s) affected to your Cloudflare account with "minimal account access."
