Cloudflare Access now supports IdP federation, which allows organizations to share a single identity provider across multiple Cloudflare accounts.
Instead of configuring the same IdP (for example, Okta or Entra ID) separately in every account, you configure it once in a source account and share it with the other accounts in your organization. Each recipient account gets a read-only IdP connection that routes authentication back to the source account through a bridge — a hidden application in the source account that brokers the cross-account login. End users sign in with their existing IdP credentials, and each account’s Access policies evaluate the resulting identity just like any other IdP login.
Key capabilities:
- One IdP, many accounts — Configure your IdP once and share it with all accounts in your organization.
- Lifecycle management — As accounts join or leave your Cloudflare organization, their IdP connections are provisioned and removed automatically — no manual cleanup required.
- Immutable recipient connections — IdP connections in recipient accounts cannot be accidentally modified or deleted.
To get started, refer to IdP federation.
Source: Cloudflare