Cloudflare Access now supports IdP federation, which allows organizations to share a single identity provider across multiple Cloudflare accounts.
Instead of configuring the same IdP (for example, Okta or Entra ID) separately in every account, you configure it once in a source account and share it with the other accounts in your organization. Each recipient account gets a read-only IdP connection that routes authentication back to the source account through a bridge — a hidden application in the source account that brokers the cross-account login. End users sign in with their existing IdP credentials, and each account’s Access policies evaluate the resulting identity just like any other IdP login.
Key capabilities:
- One IdP, many accounts — Configure your IdP once and share it with all accounts in your organization.
- Lifecycle management — As accounts join or leave your Cloudflare organization, their IdP connections are provisioned and removed automatically — no manual cleanup required.
- Immutable recipient connections — IdP connections in recipient accounts cannot be accidentally modified or deleted.
To get started, refer to IdP federation.
Source: Cloudflare
Latest Posts
- (Updated) Microsoft Viva Engage: Flexible targeting of Storyline Announcements [MC1183013]
- Microsoft Viva: Agent flexible query in Analytics Workbench [MC1403410]
- Update to Microsoft Enterprise Content Delivery Network (eCDN) analytics data retention (360 days to 180 days) [MC1403404]
- Microsoft Purview compliance portal: View-only role management enhancements [MC1403403]
