Access
Cloudflare's SCIM integrations with Okta and Microsoft Entra ID (formerly AzureAD) are now out of beta and generally available (GA) for all customers. These integrations can be used for Access and Gateway policies and Zero Trust user management. Note: This GA release does not include Dashboard SSO SCIM support.
Admins can now configure Zero Trust seats to automatically expire after 1 month of user inactivity. The previous minimum was 2 months.
Applications now load more quickly for customers with a large number of applications or complex policies.
Access admins can defer all CORS enforcement to their origin server for specific Access applications.
All user identity changes via SCIM or Authentication events are logged against a user's registry identity.
Access for SaaS applications can be setup with OIDC as an authentication method. OIDC and SAML 2.0 are now both fully supported.
Allow users to log in to Access applications with their WARP session identity. Users need to reauthenticate based on default session durations. WARP authentication identity must be turned on in your device enrollment permissions and can be enabled on a per application basis.
All new Access for SaaS applications have unique Entity IDs. This allows for multiple integrations with the same SaaS provider if required. The unique Entity ID has the application audience tag appended. Existing apps are unchanged.
Allows Access admins to set a default relay state on Access for SaaS apps.
Access admins can now tag applications and allow users to filter by those tags in the App Launcher.
Allow Access admins to configure the App Launcher page within Zero Trust.
Access admins can now view the full contents of a user's identity and device information for all active application sessions.
Access admins can now add custom claims to the existing named IdP providers. Previously this was locked to the generic OIDC provider.
Support Azure AD authentication contexts directly in Access policies.
Allow Access admins to customize the block pages presented by Access to end users.