You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/policies/gateway/tiered-policies/index.mdx
+58-10Lines changed: 58 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -84,22 +84,21 @@ Tiered policies do not support egress policies, device posture selectors, privat
84
84
85
85
## Manage policies
86
86
87
-
You can make changes to your tiered policies in the source account for your Cloudflare Organization.
87
+
You can create, configure, and share your tiered policies in the source account for your Cloudflare Organization.
88
88
89
89
### Share policy
90
90
91
91
To share a Gateway policy from a source account to a recipient account:
92
92
93
93
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
94
94
2. Choose the policy type you want to share. If you want to share a resolver policy, go to **Gateway** > **Resolver policies**.
95
-
3. Find the policy you want to share from the list.
96
-
4. In the three-dot menu, select **Share**.
97
-
5. In **Select account**, choose the accounts you want to share the policy with. To share the policy with all of the recipient accounts in your Organization, choose _Select all accounts in org_.
98
-
6. Select **Continue**, then select **Share**.
95
+
3. Find the policy you want to share from the list. In the three-dot menu, select **Share**. Alternatively, to bulk share multiple policies, you can select each policy you want to share, then select **Actions** > **Share**.
96
+
4. In **Select account**, choose the accounts you want to share the policy with. To share the policy with all existing and future recipient accounts in your Organization, choose _Select all accounts in org_.
97
+
5. Select **Continue**, then select **Share**.
99
98
100
99
{/* TODO: Find actual time estimate. */}
101
100
102
-
A sharing icon will appear next to the policy's name. After a few minutes, the policy will appear in the recipient accounts' Gateway policies. Shared policies will appear grayed out in the recipient account's list of Gateway policies.
101
+
A sharing icon will appear next to the policy's name. After a few minutes, the policy will appear in and apply the recipient accounts. Shared policies will appear grayed out in the recipient account's list of Gateway policies.
103
102
104
103
If a policy fails to share to recipient accounts, Gateway will retry deploying the policy automatically unless the error is unrecoverable.
105
104
@@ -116,18 +115,67 @@ To change or remove recipients for a Gateway policy:
116
115
117
116
After a few minutes, the policy sharing will update across the configured recipient accounts.
118
117
119
-
### Remove policy share
118
+
:::note
119
+
If you selected _Select all accounts in org_ when sharing the policy, you will need to [unshare the policy](#unshare-policy) before you can edit its recipient accounts.
120
+
:::
121
+
122
+
### Unshare policy
120
123
121
124
To stop sharing a policy with all recipient accounts:
122
125
123
126
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**.
124
127
2. Choose the policy type you want to remove. If you want to remove a resolver policy, go to **Gateway** > **Resolver policies**.
125
-
3. Find the policy you want to remove from the list.
126
-
4. In the three-dot menu, select **Unshare**.
127
-
5. Select **Unshare**.
128
+
3. Find the policy you want to remove from the list. In the three-dot menu, select **Unshare**. Alternatively, to bulk remove multiple policies, you can select each policy you want to remove, then select **Actions** > **Unshare**.
129
+
4. Select **Unshare**.
128
130
129
131
After a few minutes, Gateway will stop sharing the policy with all recipient accounts and only apply the policy to the source account.
130
132
131
133
### Edit shared policy
132
134
133
135
When you edit or delete a shared policy in a source account, Gateway will require confirmation before making any changes. Changes made to shared policies will apply to all recipient accounts. Deleting a shared policy will delete the policy from both the source account and all recipient accounts.
136
+
137
+
## Manage settings
138
+
139
+
You can share Zero Trust settings from your source account to recipient accounts in your Cloudflare Organization, including the Gateway block page, extended email address matching, and Access login methods.
140
+
141
+
{/* TODO: Turn these sections into a flexible partial or tabs. */}
142
+
143
+
### Share Gateway block page
144
+
145
+
To share your [Gateway block page](/cloudflare-one/policies/gateway/block-page/) settings from a source account to a recipient account:
146
+
147
+
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Custom pages**.
148
+
2. In **Account Gateway block page**, select the three-dot menu and choose **Share**.
149
+
3. In **Select account**, choose the accounts you want to share the settings with. To share the settings with all existing and future recipient accounts in your Organization, choose _Select all accounts in org_.
150
+
4. Select **Continue**, then select **Share**.
151
+
152
+
A sharing icon will appear next to the setting. After a few minutes, the setting will appear in and apply to the recipient accounts.
153
+
154
+
To modify share recipients or unshare the setting, select the three-dot menu and choose **Edit shared configuration recipients** or **Unshare**.
155
+
156
+
### Share extended email address matching
157
+
158
+
To share your [extended email address matching](/cloudflare-one/policies/gateway/identity-selectors/#extended-email-addresses) settings from a source account to a recipient account:
159
+
160
+
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Network**.
161
+
2. In **Firewall** > **Matched extended email address**, select the three-dot menu and choose **Share**.
162
+
3. In **Select account**, choose the accounts you want to share the settings with. To share the settings with all existing and future recipient accounts in your Organization, choose _Select all accounts in org_.
163
+
4. Select **Continue**, then select **Share**.
164
+
165
+
A sharing icon will appear next to the setting. After a few minutes, the setting will appear in and apply to the recipient accounts.
166
+
167
+
To modify share recipients or unshare the setting, select the three-dot menu and choose **Edit shared configuration recipients** or **Unshare**.
168
+
169
+
### Share Access login methods
170
+
171
+
To share your [Access login method](/cloudflare-one/identity/) settings from a source account to a recipient account:
172
+
173
+
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**.
174
+
2. In **Login methods**, find the identity provider you want to share.
175
+
3. Select the three-dot menu and choose **Share**.
176
+
4. In **Select account**, choose the accounts you want to share the settings with. To share the settings with all existing and future recipient accounts in your Organization, choose _Select all accounts in org_.
177
+
5. Select **Continue**, then select **Share**.
178
+
179
+
A sharing icon will appear next to the identity provider's name. After a few minutes, the setting will appear in and apply to the recipient accounts.
180
+
181
+
To modify share recipients or unshare the setting, select the three-dot menu and choose **Edit shared configuration recipients** or **Unshare**.
0 commit comments