[ZT] Import ZT org into Terraform (#19985)

* Import ZT org into Terraform

* add min version

* specify TF version

* Update create-zero-trust-org.mdx

Author: ranbel

src/content/partials/cloudflare-one/access/add-infrastructure-app.mdx

@@ -83,9 +83,13 @@ import { Tabs, TabItem, Render } from "~/components"
 	```
 
 </TabItem>
-<TabItem label="Terraform">
+<TabItem label="Terraform (v4)">
 
-1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
+:::note[Provider versions]
+The following example requires Cloudflare provider version `>=4.45.0`.
+:::
+
+1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/api_token):
 	- `Access: Apps and Policies Write`
 
 2. Use the [`cloudflare_zero_trust_access_application`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/zero_trust_access_application) resource to create an infrastructure application:

src/content/partials/cloudflare-one/access/add-target.mdx

@@ -55,9 +55,13 @@ If the target IP does not appear in the dropdown, go to **Networks** > **Routes*
 		```
 
 </TabItem>
-<TabItem label="Terraform">
+<TabItem label="Terraform (v4)">
 
-1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
+:::note[Provider versions]
+The following example requires Cloudflare provider version `>=4.45.0`.
+:::
+
+1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/api_token):
 	- `Teams Write`
 
 2. Configure the [`cloudflare_zero_trust_infrastructure_access_target`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/zero_trust_infrastructure_access_target) resource:

src/content/partials/cloudflare-one/access/create-service-token.mdx

@@ -23,7 +23,11 @@ import { Tabs, TabItem, Details } from '~/components';
    This is the only time Cloudflare Access will display the Client Secret. If you lose the Client Secret, you must generate a new service token.
    :::
 
-</TabItem> <TabItem label="Terraform">
+</TabItem> <TabItem label="Terraform (v4)">
+
+:::note[Provider versions]
+The following example requires Cloudflare provider version `>=4.40.0`.
+:::
 
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
 	- `Access: Service Tokens Write`

src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx

@@ -21,7 +21,11 @@ To check for an mTLS certificate:
 
 4. On your device, add the client certificate to the [system keychain](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-in-the-browser).
 
-</TabItem> <TabItem label="Terraform">
+</TabItem> <TabItem label="Terraform (v4)">
+
+:::note[Provider versions]
+The following example requires Cloudflare provider version `>=4.40.0`.
+:::
 
 1. Add the following permissions to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
 	- `Access: Mutual TLS Certificates Write`

src/content/partials/cloudflare-one/warp/device-enrollment.mdx

@@ -22,7 +22,11 @@ Device posture checks are not supported in device enrollment policies. WARP can
 4. In the **Authentication** tab, select the [identity providers](/cloudflare-one/identity/idp-integration/) users can authenticate with. If you have not integrated an identity provider, you can use the [one-time PIN](/cloudflare-one/identity/one-time-pin/).
 5. Select **Save**.
 
-</TabItem> <TabItem label="Terraform">
+</TabItem> <TabItem label="Terraform (v4)">
+
+:::note[Provider versions]
+The following example requires Cloudflare provider version `>=4.40.0`.
+:::
 
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
 	- `Access: Apps and Policies Write`

src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx

@@ -21,7 +21,11 @@ import { Tabs, TabItem } from '~/components';
    * `auth_client_id`: The **Client ID** of your service token.
    * `auth_client_secret`: The **Client Secret** of your service token.
 
-</TabItem> <TabItem label="Terraform">
+</TabItem> <TabItem label="Terraform (v4)">
+
+:::note[Provider versions]
+The following example requires Cloudflare provider version `>=4.40.0`.
+:::
 
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
 	- `Access: Apps and Policies Write`

src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx

@@ -3,8 +3,56 @@
 
 ---
 
-import { Render } from "~/components"
+import { Render, Tabs, TabItem} from "~/components"
 
-To set up a Zero Trust organization:
+To start using Zero Trust features, create a Zero Trust organization in your Cloudflare account.
+
+## Sign up for Zero Trust
+
+To create a Zero Trust organization:
 
 <Render file="choose-team-name" product="cloudflare-one" />
+
+## (Optional) Manage Zero Trust in Terraform
+
+You can use the [Cloudflare Terraform provider](https://registry.terraform.io/providers/cloudflare/cloudflare/latest) to manage your Zero Trust organization alongside your other IT infrastructure. To get started with Terraform, refer to our [Terraform tutorial series](/terraform/tutorial/).
+
+Zero Trust organizations cannot be created through Terraform. You must [sign up for Zero Trust](#sign-up-for-zero-trust) on the Cloudflare dashboard and then import the resource into your [Terraform configuration](/terraform/).
+
+To import your Zero Trust organization:
+
+<Tabs> <TabItem label="Terraform (v4)">
+
+:::note[Provider versions]
+The following example requires Cloudflare provider version `>=4.40.0`.
+:::
+
+1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
+	- `Access: Organizations, Identity Providers, and Groups Write`
+
+2. Add the [`cloudflare_zero_trust_access_organization`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/zero_trust_access_organization) resource:
+
+	```terraform
+	resource "cloudflare_zero_trust_access_organization" "<your-team-name>" {
+		account_id                         = var.cloudflare_account_id
+		name                               = "Acme Corporation"
+		auth_domain                        = "<your-team-name>.cloudflareaccess.com"
+	}
+	```
+	Replace `<your-team-name` with the Zero Trust organization name selected during [onboarding](#sign-up-for-zero-trust). You can also view your team name on [Zero Trust](https://one.dash.cloudflare.com) under **Settings** > **Custom Pages**.
+
+3. In a terminal, run:
+
+	```sh
+	terraform import cloudflare_zero_trust_access_organization.<your-team-name> <cloudflare_account_id>`
+	```
+
+</TabItem>
+
+</Tabs>
+
+You can now update the Zero Trust organization using Terraform.
+
+:::tip
+If you plan to manage all Zero Trust settings in Terraform, set the dashboard to [API/Terraform read-only mode](/cloudflare-one/api-terraform/#set-dashboard-to-read-only).
+:::