cloudflare · ranbel · Apr 16, 2025 · Apr 16, 2025 · Apr 16, 2025 · Apr 16, 2025
@@ -139,19 +139,16 @@ To [test](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) tha
         }'
         ```
 
-</TabItem> <TabItem label="Terraform">
+</TabItem> <TabItem label="Terraform (v5)">
 
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
 
 1.  Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
 
     - `Access: Organizations, Identity Providers, and Groups Write`
 
 2.  Configure the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource:
 
-        <Render file="access/entra-id-terraform" />
+		<Render file="access/entra-id-terraform" />
 
 </TabItem> </Tabs>
 

@@ -80,11 +80,7 @@ Cloudflare Access has a generic OpenID Connect (OIDC) connector to help you inte
 		}'
 		```
 
-</TabItem> <TabItem label="Terraform">
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
+</TabItem> <TabItem label="Terraform (v5)">
 
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
 	- `Access: Organizations, Identity Providers, and Groups Write`
@@ -96,7 +92,7 @@ The following example requires Cloudflare provider version `>=4.40.0`.
 			account_id = var.cloudflare_account_id
 			name       = "Generic OIDC example"
 			type       = "oidc"
-			config {
+			config 		 = {
 				client_id = "<your client id>"
 				client_secret = "<your client secret>"
 				auth_url = "https://accounts.google.com/o/oauth2/auth"

@@ -53,11 +53,7 @@ To download the SAML metadata file, copy-paste the metadata endpoint into a web
 6. (Optional) Under **Optional configurations**, configure [additional SAML options](#optional-configurations).
 7. Select **Save**.
 
-</TabItem> <TabItem label="Terraform">
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
+</TabItem> <TabItem label="Terraform (v5)">
 
 1.  Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
 
@@ -70,10 +66,10 @@ The following example requires Cloudflare provider version `>=4.40.0`.
         	account_id = var.cloudflare_account_id
         	name       = "Generic SAML example"
         	type       = "saml"
-        	config {
+        	config 		 = {
         		sso_target_url = "https://example.com/1234/sso/saml"
         		issuer_url = "https://example.com/1234"
-        		idp_public_cert = "-----BEGIN CERTIFICATE-----\nXXXXX\n-----END CERTIFICATE-----"
+        		idp_public_certs = ["-----BEGIN CERTIFICATE-----\nXXXXX\n-----END CERTIFICATE-----"]
         		sign_request = false
         		email_attribute_name = "email"
         		attributes = ["employeeID", "groups"]

@@ -40,11 +40,7 @@ For example, if your team uses Okta but you are collaborating with someone outsi
 		}'
 		```
 
-</TabItem> <TabItem label="Terraform">
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
+</TabItem> <TabItem label="Terraform (v5)">
 
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
 	- `Access: Organizations, Identity Providers, and Groups Write`
@@ -56,9 +52,10 @@ The following example requires Cloudflare provider version `>=4.40.0`.
 			account_id = var.cloudflare_account_id
 			name       = "One-time PIN login"
 			type       = "onetimepin"
+			config 		 = {}
 		}
 		```
-</TabItem> </Tabs>
+</TabItem></Tabs>
 
 :::tip
 If your organization uses a third-party email scanning service (for example, Mimecast or Barracuda), add `[email protected]` to the email scanning allowlist.

@@ -8,11 +8,11 @@ resource "cloudflare_zero_trust_access_identity_provider" "microsoft_entra_id" {
 	account_id = var.cloudflare_account_id
 	name       = "Entra ID example"
 	type       = "azureAD"
-	config {
+	config 		 = {
 		client_id                  = var.entra_id_client_id
 		client_secret              = var.entra_id_client_secret
 		directory_id               = var.entra_id_directory_id
 		support_groups             = true
-	}
+		}
 }
 ```
@@ -20,12 +20,12 @@ import {Render, Tabs, TabItem} from "~/components"
 
 5. Once you have filled in the necessary fields, select **Save**.
 
-</TabItem> <TabItem label="Terraform">
+</TabItem> <TabItem label="Terraform (v5)">
 
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
 	- `Access: Organizations, Identity Providers, and Groups Write`
 
-2. Add an identity provider to Zero Trust using the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource.  For example, to add a Microsoft Entra ID integration:
+2. Add an identity provider to Zero Trust using the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource. For example, to add a Microsoft Entra ID integration:
 
 		<Render file="access/entra-id-terraform" product="cloudflare-one" />
 

@@ -3,7 +3,7 @@
 
 ---
 
-import { Render, Tabs, TabItem} from "~/components"
+import { Render} from "~/components"
 
 To start using Zero Trust features, create a Zero Trust organization in your Cloudflare account.
 
@@ -17,41 +17,25 @@ To create a Zero Trust organization:
 
 You can use the [Cloudflare Terraform provider](https://registry.terraform.io/providers/cloudflare/cloudflare/latest) to manage your Zero Trust organization alongside your other IT infrastructure. To get started with Terraform, refer to our [Terraform tutorial series](/terraform/tutorial/).
 
-Zero Trust organizations cannot be created through Terraform. You must [sign up for Zero Trust](#sign-up-for-zero-trust) on the Cloudflare dashboard and then import the resource into your [Terraform configuration](/terraform/).
+To add Zero Trust to your Terraform configuration:
 
-To import your Zero Trust organization:
+1. [Sign up for Zero Trust](#sign-up-for-zero-trust) on the Cloudflare dashboard.
 
-<Tabs> <TabItem label="Terraform (v4)">
-
-:::note[Provider versions]
-The following example requires Cloudflare provider version `>=4.40.0`.
-:::
-
-1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token):
+2. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
 	- `Access: Organizations, Identity Providers, and Groups Write`
 
-2. Add the [`cloudflare_zero_trust_access_organization`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/zero_trust_access_organization) resource:
+3. Add the [`cloudflare_zero_trust_organization`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_organization) resource:
 
 	```terraform
-	resource "cloudflare_zero_trust_access_organization" "<your-team-name>" {
+	resource "cloudflare_zero_trust_organization" "<your-team-name>" {
 		account_id                         = var.cloudflare_account_id
 		name                               = "Acme Corporation"
 		auth_domain                        = "<your-team-name>.cloudflareaccess.com"
 	}
 	```
 	Replace `<your-team-name` with the Zero Trust organization name selected during [onboarding](#sign-up-for-zero-trust). You can also view your team name on [Zero Trust](https://one.dash.cloudflare.com) under **Settings** > **Custom Pages**.
 
-3. In a terminal, run:
-
-	```sh
-	terraform import cloudflare_zero_trust_access_organization.<your-team-name> <cloudflare_account_id>`
-	```
-
-</TabItem>
-
-</Tabs>
-
-You can now update the Zero Trust organization using Terraform.
+You can now update Zero Trust organization settings using Terraform.
 
 :::tip
 If you plan to manage all Zero Trust settings in Terraform, set the dashboard to [API/Terraform read-only mode](/cloudflare-one/api-terraform/#set-dashboard-to-read-only).