From 95ff3a6b8bb783ec636aacdf33658cdf38752dae Mon Sep 17 00:00:00 2001
From: Ranbel Sun
Date: Wed, 16 Apr 2025 12:15:51 -0400
Subject: [PATCH 1/5] update Entra ID example

---
 .../partials/cloudflare-one/access/entra-id-terraform.mdx | 4 ++--
 .../partials/cloudflare-one/access/idp-integration.mdx | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/content/partials/cloudflare-one/access/entra-id-terraform.mdx b/src/content/partials/cloudflare-one/access/entra-id-terraform.mdx
index 0ae925b2014fdad..7c3cd7116b2f389 100644
--- a/src/content/partials/cloudflare-one/access/entra-id-terraform.mdx
+++ b/src/content/partials/cloudflare-one/access/entra-id-terraform.mdx
@@ -8,11 +8,11 @@ resource "cloudflare_zero_trust_access_identity_provider" "microsoft_entra_id" {
 account_id = var.cloudflare_account_id
 name = "Entra ID example"
 type = "azureAD"
- config {
+ config = {
 client_id = var.entra_id_client_id
 client_secret = var.entra_id_client_secret
 directory_id = var.entra_id_directory_id
 support_groups = true
- }
+ }
 }
 ```
diff --git a/src/content/partials/cloudflare-one/access/idp-integration.mdx b/src/content/partials/cloudflare-one/access/idp-integration.mdx
index 3de3f4179a24bd9..4caea952755c89d 100644
--- a/src/content/partials/cloudflare-one/access/idp-integration.mdx
+++ b/src/content/partials/cloudflare-one/access/idp-integration.mdx
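Review bot: Changing `config {` to `config = {` makes this example parse only on a provider major version that models `config` as an attribute rather than a block, and nothing visible in this partial states which version that is; the `>=4.40.0` provider-version notes are deleted in the later hunks of this series (create-zero-trust-org.mdx @@ -17, entra-id.mdx @@ -139, one-time-pin.mdx @@ -40, generic-oidc.mdx @@ -80, generic-saml.mdx @@ -53) without a replacement. A reader still on the older provider gets an HCL error with no hint why, so add a line such as `This example requires Cloudflare provider version <required-version> or later.` (the version is a placeholder to fill in) where the removed notes were, or above this fence since the partial is shared. Independently, `client_secret = var.entra_id_client_secret` is written to Terraform state in plaintext however the variable is declared, so a comment above the resource like `# client_secret is stored in Terraform state; protect the state backend accordingly` would help readers who copy this as-is. The `resource` line itself is only visible as the hunk's context header.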
@@ -20,12 +20,12 @@ import {Render, Tabs, TabItem} from "~/components"
 5. Once you have filled in the necessary fields, select **Save**.
-
+
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token): - `Access: Organizations, Identity Providers, and Groups Write`
-2. Add an identity provider to Zero Trust using the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource. For example, to add a Microsoft Entra ID integration:
+2. Add an identity provider to Zero Trust using the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource. For example, to add a Microsoft Entra ID integration:
From ee760542f2467726d25436ed748ea6a3426444da Mon Sep 17 00:00:00 2001
From: Ranbel Sun
Date: Wed, 16 Apr 2025 12:16:33 -0400
Subject: [PATCH 2/5] update ZT org example

---
 .../zero-trust/create-zero-trust-org.mdx | 30 +++++--------------
 1 file changed, 7 insertions(+), 23 deletions(-)

diff --git a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx
index c0572a770dc3685..c4593c6f1d115a2 100644
--- a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx
+++ b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx
@@ -3,7 +3,7 @@
 ---
-import { Render, Tabs, TabItem} from "~/components"
+import { Render} from "~/components"
 To start using Zero Trust features, create a Zero Trust organization in your Cloudflare account.
@@ -17,23 +17,17 @@ To create a Zero Trust organization:
 You can use the [Cloudflare Terraform provider](https://registry.terraform.io/providers/cloudflare/cloudflare/latest) to manage your Zero Trust organization alongside your other IT infrastructure. To get started with Terraform, refer to our [Terraform tutorial series](/terraform/tutorial/).
-Zero Trust organizations cannot be created through Terraform. You must [sign up for Zero Trust](#sign-up-for-zero-trust) on the Cloudflare dashboard and then import the resource into your [Terraform configuration](/terraform/).
+To add Zero Trust to your Terraform configuration:
-To import your Zero Trust organization:
+1. [Sign up for Zero Trust](#sign-up-for-zero-trust) on the Cloudflare dashboard.
-
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
-
-1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
+2. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token): - `Access: Organizations, Identity Providers, and Groups Write`
-2. Add the [`cloudflare_zero_trust_access_organization`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/zero_trust_access_organization) resource:
+3. Add the [`cloudflare_zero_trust_organization`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_organization) resource:
 ```terraform
- resource "cloudflare_zero_trust_access_organization" "" {
+ resource "cloudflare_zero_trust_organization" "" {
 account_id = var.cloudflare_account_id
 name = "Acme Corporation"
 auth_domain = ".cloudflareaccess.com"
@@ -41,17 +35,7 @@ The following example requires Cloudflare provider version `>=4.40.0`.
 ```
 Replace ` **Custom Pages**.
-3. In a terminal, run:
-
- ```sh
- terraform import cloudflare_zero_trust_access_organization. `
- ```
-
-
-
-
-
-You can now update the Zero Trust organization using Terraform.
+You can now update Zero Trust organization settings using Terraform.
 :::tip
 If you plan to manage all Zero Trust settings in Terraform, set the dashboard to [API/Terraform read-only mode](/cloudflare-one/api-terraform/#set-dashboard-to-read-only).
From 264a0d827f723c8293162e2348adf9c988a9028a Mon Sep 17 00:00:00 2001
From: Ranbel Sun
Date: Wed, 16 Apr 2025 12:17:12 -0400
Subject: [PATCH 3/5] update entra ID page

---
 .../cloudflare-one/identity/idp-integration/entra-id.mdx | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
index d76103e1cd7297e..9900db58b6d0412 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
@@ -139,11 +139,8 @@ To [test](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) tha
 }'
 ```
-
+
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
@@ -151,7 +148,7 @@ The following example requires Cloudflare provider version `>=4.40.0`.
 2. Configure the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource:
-
+
From fce5e8c292ed3dcc4e1e92b05366e92833b6d2ad Mon Sep 17 00:00:00 2001
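Review bot: The removed step `3. In a terminal, run:` with its `terraform import cloudflare_zero_trust_access_organization.…` command has no replacement, yet the rewritten procedure in the preceding hunk (@@ -17,23) still begins with signing up on the dashboard, which creates the organization before Terraform manages it; declaring `cloudflare_zero_trust_organization` for an organization that already exists would ordinarily make `terraform apply` try to create a second one unless the provider treats this resource as update-only for the account's single org. If that upsert behaviour is the reason the import step was dropped, state it in the text, e.g. `This resource manages the organization created at sign-up; no import is required.`; otherwise keep an import step that uses the new resource type. The old command's arguments were lost in this rendering, so I cannot see exactly what it referenced, and the procedure this hunk finishes starts in the previous hunk.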
From: Ranbel Sun
Date: Wed, 16 Apr 2025 12:17:40 -0400
Subject: [PATCH 4/5] update OTP

---
 .../docs/cloudflare-one/identity/one-time-pin.mdx | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/content/docs/cloudflare-one/identity/one-time-pin.mdx b/src/content/docs/cloudflare-one/identity/one-time-pin.mdx
index 53e602bb4384e45..585ca3488795e90 100644
--- a/src/content/docs/cloudflare-one/identity/one-time-pin.mdx
+++ b/src/content/docs/cloudflare-one/identity/one-time-pin.mdx
@@ -40,11 +40,7 @@ For example, if your team uses Okta but you are collaborating with someone outsi
 }'
 ```
-
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
+
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token): - `Access: Organizations, Identity Providers, and Groups Write`
@@ -56,9 +52,10 @@ The following example requires Cloudflare provider version `>=4.40.0`.
 account_id = var.cloudflare_account_id
 name = "One-time PIN login"
 type = "onetimepin"
+ config = {}
 }
 ```
-
+
 :::tip
 If your organization uses a third-party email scanning service (for example, Mimecast or Barracuda), add `noreply@notify.cloudflare.com` to the email scanning allowlist.
From fff22920e6b98286c427e2d580c346fe4d158c4b Mon Sep 17 00:00:00 2001
From: Ranbel Sun
Date: Wed, 16 Apr 2025 12:26:47 -0400
Subject: [PATCH 5/5] generic OIDC and SAML examples

---
 .../identity/idp-integration/generic-oidc.mdx | 8 ++------
 .../identity/idp-integration/generic-saml.mdx | 10 +++-------
 2 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx
index 1fec86f2212b6ce..3d8be9927694915 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx
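Review bot: The added `config = {}` in the one-time-pin.mdx @@ -56 hunk is unexplained, so a reader cannot tell whether the provider requires the attribute to be present for the `onetimepin` type or whether the empty map is merely cosmetic and safe to omit. If it is required, say so with a one-line comment inside the fence, e.g. `# config must be present even though the one-time PIN type has no settings`; if it is optional, drop the line rather than teach readers an empty map. The `resource` header for this block lies outside the hunk.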
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx
@@ -80,11 +80,7 @@ Cloudflare Access has a generic OpenID Connect (OIDC) connector to help you inte
 }'
 ```
-
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
+
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token): - `Access: Organizations, Identity Providers, and Groups Write`
@@ -96,7 +92,7 @@ The following example requires Cloudflare provider version `>=4.40.0`.
 account_id = var.cloudflare_account_id
 name = "Generic OIDC example"
 type = "oidc"
- config {
+ config = {
 client_id = ""
 client_secret = ""
 auth_url = "https://accounts.google.com/o/oauth2/auth"
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx
index 0ae1ec07b29c739..d76eb08f66d2af6 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx
@@ -53,11 +53,7 @@ To download the SAML metadata file, copy-paste the metadata endpoint into a web
 6. (Optional) Under **Optional configurations**, configure [additional SAML options](#optional-configurations).
 7. Select **Save**.
-
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
+
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
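Review bot: Directly under the changed `config = {` in the generic-oidc.mdx @@ -96 hunk, the example keeps `client_secret = ""` as an inline literal, whereas the Entra ID partial updated in patch 1 reads the same kind of value from `var.entra_id_client_secret`; readers who copy the inline form end up committing the secret to their configuration repository. Consider switching the two credential lines to variables, e.g. `client_id = var.oidc_client_id` and `client_secret = var.oidc_client_secret`, with a short note that the secret is still recorded in Terraform state. The placeholders between the quotes appear to have been stripped in this rendering, so the literal text may differ in the real file, and the resource block starts and ends outside the hunk.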
@@ -70,10 +66,10 @@ The following example requires Cloudflare provider version `>=4.40.0`.
 account_id = var.cloudflare_account_id
 name = "Generic SAML example"
 type = "saml"
- config {
+ config = {
 sso_target_url = "https://example.com/1234/sso/saml"
 issuer_url = "https://example.com/1234"
- idp_public_cert = "-----BEGIN CERTIFICATE-----\nXXXXX\n-----END CERTIFICATE-----"
+ idp_public_certs = ["-----BEGIN CERTIFICATE-----\nXXXXX\n-----END CERTIFICATE-----"]
 sign_request = false
 email_attribute_name = "email"
 attributes = ["employeeID", "groups"]