Use a pre-existing Access group.
Access API examples
You can use the Cloudflare Access API to create policies, including individual rule blocks inside of group or policy bodies. For example, this policy allows all Cloudflare email account users to reach the application with the exception of one account:
Example rule configurations
The request will need to present the headers for any service token created for this account.
Allow access based on the "amr" identifier.
The request will need to present a valid certificate with an expected common name.
Allow a specific country.
Allow a specific email address.
Allow an entire email domain.
Allow anyone to log in.
Allow members of a specific G Suite group.
Allow members of a specific GitHub organization.
Allow an IP range.
Allow members of a Microsoft Entra group. The ID is the group UUID (id
) in Microsoft Entra ID.
The request will need to present a valid certificate.
Allow members of an Okta Group.
Allow users with specific SAML attributes.
The request will need to present the correct service token headers.