src/content/docs/cloudflare-one/access-controls/applications/http-apps/saas-apps/generic-oidc-saas.mdx
1 addition & 1 deletion
@@ -103,7 +103,7 @@ To add additional OIDC claims onto the ID token sent to your SaaS application, c
103
103
104
104
### Access token lifetime
105
105
106
-
The OIDC Access token authorizes users to connect to the SaaS application through Cloudflare Access. You can set an **Access token lifetime** to determine the window in which the token can be used to establish authentication with the SaaS application — if it expires, the user must re-authenticate through Cloudflare Access. To balance security and user convenience, Cloudflare recommends configuring a short Access token lifetime in conjunction with a longer **Refresh token lifetime** (if supported by your application). When the access token expires, Cloudflare will use the refresh token to obtain a new access token after checking the user's identity against your Access policies. When the refresh token expires, the user will need to log back in to the identity provider. The refresh token lifetime should be less than your [global session duration](/cloudflare-one/team-and-resources/users/session-management/), otherwise the global session would take precedence.
106
+
The OIDC Access token authorizes users to connect to the SaaS application through Cloudflare Access. You can set an **Access token lifetime** to determine the window in which the token can be used to establish authentication with the SaaS application — if it expires, the user must re-authenticate through Cloudflare Access. To balance security and user convenience, Cloudflare recommends configuring a short Access token lifetime in conjunction with a longer **Refresh token lifetime** (if supported by your application). When the access token expires, Cloudflare will use the refresh token to obtain a new access token after checking the user's identity against your Access policies. When the refresh token expires, the user will need to log back in to the identity provider. The refresh token lifetime should be less than your [global session duration](cloudflare-one/access-controls/access-settings/session-management/), otherwise the global session would take precedence.
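Review bot: The new link target on the `+` line, `(cloudflare-one/access-controls/access-settings/session-management/)`, has lost the leading `/` that the removed line's `(/cloudflare-one/team-and-resources/users/session-management/)` had. Without it the URL is relative to the current page, so the "global session duration" link will not resolve from the site root like the other links in these docs. Suggest `(/cloudflare-one/access-controls/access-settings/session-management/)`.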
src/content/docs/cloudflare-one/access-controls/applications/non-http/infrastructure-apps.mdx
1 addition & 1 deletion
@@ -102,7 +102,7 @@ To view all available filters, type `warp-cli target list --help`.
102
102
103
103
## Revoke a user's session
104
104
105
-
To revoke a user's access to all infrastructure targets, you can either [revoke the user from Zero Trust](/cloudflare-one/team-and-resources/users/session-management/#per-user) or revoke their device. Cloudflare does not currently support revoking a user's session for a specific target.
105
+
To revoke a user's access to all infrastructure targets, you can either [revoke the user from Zero Trust](cloudflare-one/access-controls/access-settings/session-management/#per-user) or revoke their device. Cloudflare does not currently support revoking a user's session for a specific target.
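Review bot: The "revoke the user from Zero Trust" link on the `+` line is missing its leading `/`: `(cloudflare-one/access-controls/access-settings/session-management/#per-user)` is a page-relative URL, whereas the line it replaces used a root-relative one. Since this is the link readers follow to revoke a session, it is worth making it `(/cloudflare-one/access-controls/access-settings/session-management/#per-user)` and confirming the `#per-user` anchor still exists on the moved page.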
src/content/docs/cloudflare-one/access-controls/policies/index.mdx
1 addition & 1 deletion
@@ -133,7 +133,7 @@ To require only one country and one email ending:
133
133
134
134
When you add a rule to your policy, you will be asked to specify the criteria/attributes you want users to meet. These attributes are available for all Access application types, including [SaaS](/cloudflare-one/access-controls/applications/http-apps/saas-apps/), [self-hosted](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/), and [non-HTTP](/cloudflare-one/access-controls/applications/non-http/) applications.
135
135
136
-
Non-identity attributes are polled continuously, meaning they are-evaluated with each new HTTP request for changes during the [user session](/cloudflare-one/team-and-resources/users/session-management/). If you have configured [SCIM provisioning](/cloudflare-one/team-and-resources/users/scim/), you can force a user to re-attest all attributes with Access whenever you revoke the user in the IdP or update their IdP group membership.
136
+
Non-identity attributes are polled continuously, meaning they are-evaluated with each new HTTP request for changes during the [user session](cloudflare-one/access-controls/access-settings/session-management/). If you have configured [SCIM provisioning](/cloudflare-one/team-and-resources/users/scim/), you can force a user to re-attest all attributes with Access whenever you revoke the user in the IdP or update their IdP group membership.
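Review bot: On the `+` line the "user session" link was changed to `(cloudflare-one/access-controls/access-settings/session-management/)` with no leading `/`, while the SCIM link in the same sentence keeps its root-relative form `(/cloudflare-one/team-and-resources/users/scim/)`. The new target should start with `/` to match. As the line is being touched anyway, "they are-evaluated" looks like a leftover typo for "they are re-evaluated" and could be fixed in the same change.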
|[JSON web token (JWT)](/cloudflare-one/identity/authorization-cookie/#access-jwts) set on the `cloudflareaccess.com`[team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) that contains the user's identity and enables Access to perform single sign-on (SSO) | <details><summary>View</summary>If set, adheres to [global session duration](/cloudflare-one/team-and-resources/users/session-management/#global-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/team-and-resources/users/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Yes | None | Required |
39
+
|[JSON web token (JWT)](/cloudflare-one/identity/authorization-cookie/#access-jwts) set on the `cloudflareaccess.com`[team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) that contains the user's identity and enables Access to perform single sign-on (SSO) | <details><summary>View</summary>If set, adheres to [global session duration](cloudflare-one/access-controls/access-settings/session-management/#global-session-duration).<br/><br/>If not, adheres to [application session duration](cloudflare-one/access-controls/access-settings/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Yes | None | Required |
|[JSON web token (JWT)](/cloudflare-one/identity/authorization-cookie/#access-jwts) set on the domain protected by Access that allows Access to confirm that the user has been authenticated and is authorized to reach the origin | <details><summary>View</summary>If set, adheres to [policy session duration](/cloudflare-one/team-and-resources/users/session-management/#policy-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/team-and-resources/users/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Admin choice (Default: None) | Admin choice (Default: None) | Required |
45
+
|[JSON web token (JWT)](/cloudflare-one/identity/authorization-cookie/#access-jwts) set on the domain protected by Access that allows Access to confirm that the user has been authenticated and is authorized to reach the origin | <details><summary>View</summary>If set, adheres to [policy session duration](cloudflare-one/access-controls/access-settings/session-management/#policy-session-duration).<br/><br/>If not, adheres to [application session duration](cloudflare-one/access-controls/access-settings/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Admin choice (Default: None) | Admin choice (Default: None) | Required |
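Review bot: All four session-duration links rewritten in these two table rows (`#global-session-duration`, `#policy-session-duration` and both `#application-session-duration` targets) now begin with `cloudflare-one/...` instead of `/cloudflare-one/...`, so they are page-relative, unlike the untouched `/cloudflare-one/identity/authorization-cookie/#access-jwts` link in the same cells. Suggest restoring the leading `/` on each and checking that the three anchors exist under `access-settings/session-management/`. The file header and `@@` line for these rows are not visible here, so the file this belongs to should be confirmed as well.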