diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/crowdstrike.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/crowdstrike.mdx
index 9ba58cb31de224f..9b70d40cc0b114d 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/crowdstrike.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/crowdstrike.mdx
@@ -51,10 +51,7 @@ To retrieve those values:
### 2. Add CrowdStrike as a service provider
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
-2. Scroll down to **Device posture providers** and select **Add new**.
-3. Select **CrowdStrike**.
-4. Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
+
5. Enter the **Client ID** and **Client secret** you noted down above.
6. Enter your **Rest API URL**.
7. Enter your **Customer ID**.
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/custom.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/custom.mdx
new file mode 100644
index 000000000000000..986069dbd8d7a86
--- /dev/null
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/custom.mdx
@@ -0,0 +1,127 @@
+---
+pcx_content_type: how-to
+title: Custom device posture integration
+sidebar:
+ label: Custom integration
+ order: 1
+ hidden: true
+
+---
+
+import { Render } from "~/components"
+
+Cloudflare Zero Trust allows you to enforce custom device posture checks on your applications. This involves configuring a WARP service-to-service integration that periodially calls the external API of your choice, whether it is a third-party endpoint provider or a home built solution. When called, the API will receive device identifying information from Cloudflare and be expected to return a value between `0` to `100`. You can then set up a device posture check that determines if the returned value counts as a pass or fail; for example, you could allow access to a user only if their device has a posture value greater than `60`.
+
+```mermaid
+sequenceDiagram
+ participant WARP
+ participant Cloudflare Access
+ participant External API
+ WARP->>Cloudflare Access: Client ID and Secret
+ Cloudflare Access->>External API: Application token
+ WARP->>External API: JSON with user and device identity
+ External API-->>WARP: JSON with 0-100 result
+```
+
+## External API requirements
+
+The custom service provider integration works with any API service that meets the following specifications. For an example of a custom device posture integration API, refer to our [Cloudflare Workers sample code](https://github.com/cloudflare/custom-device-posture-integration-example-worker).
+
+### Authentication
+
+The WARP client authenticates to the external API through Cloudflare Access. The external API should [validate the application token](/cloudflare-one/identity/authorization-cookie/validating-json/) issued by Cloudflare Access to ensure that any requests which bypass Access (for example, due to a network misconfiguration) are rejected.
+
+### Data passed to external API
+
+Cloudflare will pass the following parameters to the configured API endpoint. You can use this data to identify the device and assign a posture score. For some devices, not all identifying information will apply, in which case the field will be blank. A maximum of 1,000 devices will be sent per a request.
+
+| Field | Description |
+| ----- | ----------- |
+| `device_id` | Device UUID assigned by the WARP client |
+| `email` | Email address used to authenticate the WARP client |
+| `serial_number` | Device serial number |
+| `mac_address` | Device MAC address |
+| `virtual_ipv4` | Device virtual IPv4 address |
+| `hostname` | Device name |
+
+Example request body:
+```json
+{
+ "devices": {
+ [
+ {
+ "device_id": "9ece5fab-7398-488a-a575-e25a9a3dec07",
+ "email": "jdoe@mycompany.com",
+ "serial_number": "jdR44P3d",
+ "mac_address": "74:1d:3e:23:e0:fe",
+ "virtual_ipv4": "100.96.0.10",
+ "hostname": "string",
+ },
+ {...},
+ {...}
+ ]
+ }
+}
+```
+
+### Expected response from external API
+
+For each Cloudflare `device_id`, the API service is expected to return a posture score and optionally a third-party device ID.
+
+| Field | Description |
+| ----- | ----------- |
+| `s2s_id` | Third party device ID (empty string if unavailable) |
+| `score` | Integer value between `0` - `100` |
+
+Example response body:
+```json
+{
+ "result": {
+ "9ece5fab-7398-488a-a575-e25a9a3dec07": {
+ "s2s_id": "",
+ "score": 10
+ },
+ "device_id2": {...},
+ "device_id3": {...}
+ }
+}
+```
+
+## Set up custom device posture checks
+
+### 1. Create a service token
+
+WARP uses an Access Client ID and Access Client Secret to securely authenticate to the external API. If you do not already have an Access Client ID and Access Client Secret, [create a new service token](/cloudflare-one/identity/service-tokens/#create-a-service-token).
+
+### 2. Create an Access application
+
+Next, secure the external API behind Cloudflare Access so that WARP can authenticate with the service token. To add the API endpoint to Access:
+
+1. [Create a self-hosted application](/cloudflare-one/applications/configure-apps/self-hosted-apps/) for your API endpoint.
+2. Add the following Access policy to the application. Make sure that **Action** is set to _Service Auth_ (not _Allow_).
+
+ | Action | Rule type | Selector | Value |
+ | ------ | --------- | ----------------- | ------------------------------------- |
+ | Service Auth | Include | Service Token | `` |
+
+### 3. Add a service provider integration
+
+To create a custom service-to-service integration:
+
+
+5. In **Access client ID** and **Access client secret**, enter the Access service token used to authenticate to your external API.
+6. In **Rest API URL**, enter the external API endpoint that Cloudflare will query for posture information (for example, `https://api.example.com`). For more information, refer to [External API requirements](#external-api-requirements).
+7. In **Polling frequency**, choose how often Cloudflare Zero Trust should query the external API for information.
+8. Select **Test and save**. The test checks if Cloudflare can authenticate to the API URL using the provided Access credentials.
+
+Next, [configure a device posture check](#configure-the-posture-check) to determine if a given posture score constitutes a pass or fail.
+
+### 4. Configure the posture check
+
+
+
+## Device posture attributes
+
+| Selector | Description | Value |
+| ------------- | ------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| Score | Posture score returned by external API | `0` to `100` |
\ No newline at end of file
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx
index 03e10a56a910dc5..1b7010d7c374e41 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/index.mdx
@@ -18,6 +18,7 @@ Service-to-service integrations allow the WARP client to get device posture data
| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS |
| ------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- |
+| [Custom service provider](/cloudflare-one/identity/devices/service-providers/custom/) | ✅ | ✅ | ✅ | ✅ | ✅ |
| [Crowdstrike](/cloudflare-one/identity/devices/service-providers/crowdstrike/) | ✅ | ✅ | ✅ | ❌ | ❌ |
| [Kolide](/cloudflare-one/identity/devices/service-providers/kolide/) | ✅ | ✅ | ✅ | ❌ | ❌ |
| [Microsoft Endpoint Manager](/cloudflare-one/identity/devices/service-providers/microsoft/) | ✅ | ✅ | ❌ | ❌ | ❌ |
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/kolide.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/kolide.mdx
index 34c1be1788b290e..9618ba6a3a342ed 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/kolide.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/kolide.mdx
@@ -27,10 +27,7 @@ import { Render } from "~/components"
### 2. Add Kolide as a service provider
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
-2. Scroll down to **Device posture providers** and select **Add new**.
-3. Select **Kolide**.
-4. Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
+
5. Enter the **Client secret** you noted down above.
6. Choose a **Polling frequency** for how often Cloudflare Zero Trust should query Kolide for information.
7. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/microsoft.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/microsoft.mdx
index 7615c5a94f3b78f..12355fee93a31e6 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/microsoft.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/microsoft.mdx
@@ -43,10 +43,7 @@ To retrieve those values:
## 2. Add Intune as a service provider
-1. Go to **Settings** > **WARP Client**.
-2. Scroll down to **Device posture providers** and select **Add new**.
-3. Select **Microsoft Endpoint Manager**.
-4. Give your provider a name. This name will be used throughout the dashboard to reference this connection.
+
5. Enter the **Client ID**, **Client secret** and **Customer ID** as you noted down above.
6. Select a **Polling frequency** for how often Cloudflare Zero Trust should query Microsoft Graph API for information.
7. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/sentinelone.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/sentinelone.mdx
index 5ac8153c120b86d..3218c3f8e033003 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/sentinelone.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/sentinelone.mdx
@@ -41,10 +41,7 @@ To retrieve those values:
### 2. Add SentinelOne as a service provider
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
-2. Scroll down to **Device posture providers** and select **Add new**.
-3. Select **SentinelOne**.
-4. Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
+
5. In **Client Secret**, enter your **API Token**.
6. In **Rest API URL**, enter `https://.sentinelone.net`.
7. Choose a **Polling frequency** for how often Cloudflare Zero Trust should query SentinelOne for information.
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/taniums2s.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/taniums2s.mdx
index 741d5ad74c76b63..4e2d65a916efa3e 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/taniums2s.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/taniums2s.mdx
@@ -40,10 +40,7 @@ To retrieve those values:
### 2. Add Tanium as a service provider
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
-2. Scroll down to **Device posture providers** and select **Add new**.
-3. Select **Tanium**.
-4. Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
+
5. Enter the **Client Secret** and **Rest API URL** you noted down above.
6. Choose a **Polling frequency** for how often Cloudflare Zero Trust should query Tanium for information.
7. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/uptycs.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/uptycs.mdx
index 27f4280b35923d1..bed35d087953560 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/uptycs.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/uptycs.mdx
@@ -31,10 +31,7 @@ To obtain these values:
## 2. Add Uptycs as a service provider
-1. Go to **Settings** > **WARP Client**.
-2. Scroll down to **Device posture providers** and select **Add new**.
-3. Select **Uptycs**.
-4. Give your provider a name. This name will be used throughout the dashboard to reference this connection.
+
5. Enter the **Client ID**, **Client secret** and **Customer ID** as you noted down above.
6. Select a **Polling frequency** for how often Cloudflare Zero Trust should query Uptycs for information.
7. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/identity/devices/service-providers/workspace-one.mdx b/src/content/docs/cloudflare-one/identity/devices/service-providers/workspace-one.mdx
index f5de04b1d075e66..82e3e1ce83e3a31 100644
--- a/src/content/docs/cloudflare-one/identity/devices/service-providers/workspace-one.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/service-providers/workspace-one.mdx
@@ -40,13 +40,11 @@ To retrieve those values:
## 2. Add Workspace ONE as a service provider
-1. Go to **Settings** > **Devices** > **Device posture providers** and select **Add new**.
-2. Select **Workspace ONE**.
-3. Give your provider a name. This name will be used throughout the dashboard to reference this connection.
-4. Enter the **Client ID** and **Client secret** you noted down above.
-5. Select a **Polling frequency** for how often Cloudflare Zero Trust should query Workspace ONE for information.
-6. Enter the **Region-specific token URL** and **REST API URL** you noted down above.
-7. Select **Save**.
+
+5. Enter the **Client ID** and **Client secret** you noted down above.
+6. Select a **Polling frequency** for how often Cloudflare Zero Trust should query Workspace ONE for information.
+7. Enter the **Region-specific token URL** and **REST API URL** you noted down above.
+8. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/tutorials/index.mdx b/src/content/docs/cloudflare-one/tutorials/index.mdx
index e2436193f6d2da1..0e28f93dc01d966 100644
--- a/src/content/docs/cloudflare-one/tutorials/index.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/index.mdx
@@ -8,6 +8,7 @@ column_param: category
sidebar:
order: 11
head: []
+tableOfContents: false
description: View tutorials for Cloudflare Zero Trust.
---
diff --git a/src/content/partials/cloudflare-one/posture/add-service-provider.mdx b/src/content/partials/cloudflare-one/posture/add-service-provider.mdx
new file mode 100644
index 000000000000000..9c4d69d30475ab4
--- /dev/null
+++ b/src/content/partials/cloudflare-one/posture/add-service-provider.mdx
@@ -0,0 +1,11 @@
+---
+params:
+ - provider
+---
+
+import { Markdown } from "~/components"
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client**.
+2. Scroll down to **Third-party service provider integrations** and select **Add new**.
+3. Select **{props.provider}**.
+4. Enter any name for the provider. This name will be used throughout the dashboard to reference this connection.
\ No newline at end of file
diff --git a/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx b/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx
index cd4fc5e2b630652..dd74636532ce360 100644
--- a/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx
+++ b/src/content/partials/cloudflare-one/posture/configure-posture-check.mdx
@@ -8,7 +8,9 @@ import { Markdown } from "~/components"
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **WARP Client** > **Service provider checks**.
2. Select **Add new**.
3. Select the {props.one} provider.
-4. Configure a [device posture check](#device-posture-attributes) and enter any name.
-5. Select **Save**.
+4. Enter any name for the posture check.
+5. Configure the [attributes](#device-posture-attributes) required for the device to pass the posture check.
+6. Select **Save**.
+7. To test, go to **Logs** > **Posture** and verify that the service provider posture check is returning the expected results.
-Next, go to **Logs** > **Posture** and verify that the service provider posture check is returning the expected results.
+You can now use this posture check in a [device posture policy](/cloudflare-one/identity/devices/#3-build-a-device-posture-policy).
diff --git a/src/content/partials/cloudflare-one/posture/test-posture-provider.mdx b/src/content/partials/cloudflare-one/posture/test-posture-provider.mdx
index ea9e23c437a4e41..85f225371d6e903 100644
--- a/src/content/partials/cloudflare-one/posture/test-posture-provider.mdx
+++ b/src/content/partials/cloudflare-one/posture/test-posture-provider.mdx
@@ -3,4 +3,4 @@
---
-You will see the new provider listed under **Settings** > **WARP Client** > **Device posture providers**. To ensure the values have been entered correctly, select **Test**.
+You will see the new provider listed under **Settings** > **WARP Client** > **Third-party service provider integrations**. To ensure the values have been entered correctly, select **Test**.