DevelopersDocsSponsorshipsOpen SourceServerlist Newsletter

Configuring identity providers

You can integrate your organization's identity provider with Cloudflare Access. Your team can simultaneously use multiple providers, reducing friction when working with partners or contractors.

Guides are available for specific providers as well as generic OIDC or SAML integrations. Cloudflare Access supports social identity providers that do not require administrator accounts, open source providers, and corporate providers. Cloudflare also supports using signed AuthN requests with SAML providers.

You can use the documentation linked below or the same material in the Cloudflare for Teams dashboard.

Guide Type Description
One-Time Pin Default You can use Cloudflare Access without an identity provider with the one-time pin integration.
Facebook® Social Guide to integrating Facebok as an identity option.
Google® Social Guide to integrating Google® without a G Suite® organization.
GitHub® Social Guide to integrating GitHub, including GitHub Teams.
LinkedIn Social Guide to integrating LinkedIN.
Keycloak Open Source Guide to integrating Keycloak
G Suite® Corporate Guide to integrating G Suite®, including groups.
Okta® Corporate Guide to integrating Okta®
Okta® with SAML Corporate Guide to integrating Okta® as a SAML provider.
OneLogin® Corporate Guide to integrating OneLogin®
Azure AD® Corporate Guide to integrating Azure AD®
Centrify® Corporate Guide to integrating Centrify®
Yandex® Corporate Guide to integrating Yandex®
Citrix ADC SAML Corporate Guide to integrating Citrix ADC, formerly Citrix NetScaler ADC.
PingIdentity® Corporate Guide to integrating PingFederate and PingOne.
Active Directory Corporate Guide to integrating self-hosted Active Directory.

Configure identity providers in the Access app

Adding an identity provider as a login method requires configuration in the Cloudflare Access dashboard as well as with the identity provider. Navigate to the Cloudflare for Teams dashboard to get started.

To configure an identity provider in Cloudflare:

  1. Open the Access section of the navigation bar and select Authentication. The dashboard will display all identity providers currently configured. Cloudflare Access defaults to enable the one-time pin option for new accounts. Select + Add to add a new provider.

  1. Choose the provider you plan to integrate. You can integrate multiple providers of the same type.

  1. You can input the required fields in the identity provider screen. If you need more help, step-by-step instructions can be expanded below the input form.

Using the API

We recommend that you use our dashboard to configure your identity providers. However, if you would like to use the Cloudflare API, each of the identity provider topics covered here include an example API configuration snippet as well.