diff --git a/public/__redirects b/public/__redirects
index edbd698c2de109d..49b2d4bdc7148e8 100644
--- a/public/__redirects
+++ b/public/__redirects
@@ -2318,7 +2318,7 @@
/changelog-next/* /changelog/:splat 301
/browser-rendering/quick-actions-rest-api/* /browser-rendering/rest-api/:splat 301
/*/sitemap.xml /sitemap-index.xml 301
-/access/configuring-identity-providers/* /cloudflare-one/identity/idp-integration/:splat 301
+/access/configuring-identity-providers/* /cloudflare-one/integrations/identity-providers/:splat 301
/api-security/* /api-shield/:splat 301
/api-shield/products/* /api-shield/security/:splat 301
/distributed-web/* /web3/:splat 301
@@ -2383,6 +2383,11 @@
/cloudflare-one/policies/data-loss-prevention/configuration-guides/* /cloudflare-one/policies/data-loss-prevention/dlp-policies/common-policies/ 301
/cloudflare-one/policies/data-loss-prevention/datasets/* /cloudflare-one/policies/data-loss-prevention/detection-entries/:splat 301
+# Cloudflare One nav revamp
+/cloudflare-one/identity/one-time-pin/ /cloudflare-one/integrations/identity-providers/one-time-pin/ 301
+/cloudflare-one/identity/idp-integration/* /cloudflare-one/integrations/identity-providers/:splat 301
+
+
# Learning paths
/learning-paths/modules/get-started/onboarding/* /learning-paths/get-started-free/onboarding/:splat 301
diff --git a/src/content/changelog/fundamentals/2025-10-14-sso-self-service-ux.mdx b/src/content/changelog/fundamentals/2025-10-14-sso-self-service-ux.mdx
index 8a4b8574499121f..c9763acda83fa9f 100644
--- a/src/content/changelog/fundamentals/2025-10-14-sso-self-service-ux.mdx
+++ b/src/content/changelog/fundamentals/2025-10-14-sso-self-service-ux.mdx
@@ -8,7 +8,7 @@ date: 2025-10-14
-During Birthday Week, we announced that [single sign-on (SSO) is available for free](https://blog.cloudflare.com/enterprise-grade-features-for-all/) to everyone who signs in with a custom email domain and maintains a compatible [identity provider](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). SSO minimizes user friction around login and provides the strongest security posture available. At the time, this could only be configured using the API.
+During Birthday Week, we announced that [single sign-on (SSO) is available for free](https://blog.cloudflare.com/enterprise-grade-features-for-all/) to everyone who signs in with a custom email domain and maintains a compatible [identity provider](https://developers.cloudflare.com/cloudflare-one/integrations/identity-providers/). SSO minimizes user friction around login and provides the strongest security posture available. At the time, this could only be configured using the API.
Today, we are launching a new user experience which allows users to manage their SSO configuration from within the Cloudflare dashboard. You can access this by going to **Manage account** > **Members** > **Settings**.
diff --git a/src/content/docs/agents/model-context-protocol/authorization.mdx b/src/content/docs/agents/model-context-protocol/authorization.mdx
index 326b9fd33bc6916..57a373967015b1e 100644
--- a/src/content/docs/agents/model-context-protocol/authorization.mdx
+++ b/src/content/docs/agents/model-context-protocol/authorization.mdx
@@ -79,7 +79,7 @@ Remember — [authentication is different from authorization](https://www.cloud
### (2) Cloudflare Access integration
-You can use Cloudflare Access as a Single Sign-On (SSO) provider to authorize users to your MCP server. Users log in using a [configured identity provider](/cloudflare-one/identity/idp-integration/) or a [one-time PIN](/cloudflare-one/identity/one-time-pin/), and they are only granted access if their identity matches your [Access policies](/cloudflare-one/policies/access/).
+You can use Cloudflare Access as a Single Sign-On (SSO) provider to authorize users to your MCP server. Users log in using a [configured identity provider](/cloudflare-one/integrations/identity-providers/) or a [one-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/), and they are only granted access if their identity matches your [Access policies](/cloudflare-one/policies/access/).
To deploy an [example MCP server](https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-cf-access) with Cloudflare Access as the OAuth provider, refer to [Secure MCP servers with Access for SaaS](/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp/).
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/mcp-portals.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/mcp-portals.mdx
index 6c3969c0a073d1f..2de401e644a15f3 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/mcp-portals.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/mcp-portals.mdx
@@ -24,7 +24,7 @@ An MCP server portal centralizes multiple [Model Context Protocol (MCP) servers]
- An [active domain on Cloudflare](/fundamentals/manage-domains/add-site/)
- Domain uses either a [full setup](/dns/zone-setups/full-setup/) or a [partial (`CNAME`) setup](/dns/zone-setups/partial-setup/)
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured on Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured on Cloudflare Zero Trust
## Add an MCP server
@@ -107,7 +107,7 @@ Cloudflare Access automatically creates an Access application for each MCP serve
2. Find the portal that you want to configure, then select the three dots > **Edit**.
3. To configure identity providers for the portal:
1. Select the **Login methods** tab.
- 2. Select the [identity providers](/cloudflare-one/identity/idp-integration/) that you want to enable for your application.
+ 2. Select the [identity providers](/cloudflare-one/integrations/identity-providers/) that you want to enable for your application.
3. (Recommended) If you plan to only allow access via a single identity provider, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
4. To customize the block page:
1. Select the **Experience settings** tab.
@@ -131,7 +131,7 @@ Workers AI Playground will show a **Connected** status and list the available to
For MCP clients with server configuration files, we recommend using the `npx` command with the `mcp-remote@latest` argument:
-``` json title= "MCP client configuration for MCP portals"
+``` json title= "MCP client configuration for MCP portals"
{
"mcpServers": {
"example-mcp-server": {
@@ -143,7 +143,7 @@ For MCP clients with server configuration files, we recommend using the `npx` co
]
}
}
-}
+}
```
We do not recommend using the `serverURL` parameter since it may cause issues with portal session creation and management.
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp.mdx
index 3692bfaddf7db53..fe5f462eb6b8057 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/mcp-servers/saas-mcp.mdx
@@ -12,11 +12,11 @@ import { Render, GlossaryTooltip, Tabs, TabItem, APIRequest } from "~/components
You can secure [Model Context Protocol (MCP) servers](https://www.cloudflare.com/learning/ai/what-is-model-context-protocol-mcp/) by using Cloudflare Access as an OAuth Single Sign-On (SSO) provider.
-This guide walks through how to deploy a remote MCP server on [Cloudflare Workers](/workers/) that requires Cloudflare Access for authentication. When users connect to the MCP server using an MCP client, they will be prompted to log in to your [identity provider](/cloudflare-one/identity/idp-integration/) and are only granted access if they pass your [Access policies](/cloudflare-one/policies/access/#selectors).
+This guide walks through how to deploy a remote MCP server on [Cloudflare Workers](/workers/) that requires Cloudflare Access for authentication. When users connect to the MCP server using an MCP client, they will be prompted to log in to your [identity provider](/cloudflare-one/integrations/identity-providers/) and are only granted access if they pass your [Access policies](/cloudflare-one/policies/access/#selectors).
## Prerequisites
-- Add an [identity provider](/cloudflare-one/identity/idp-integration/) to Cloudflare Zero Trust
+- Add an [identity provider](/cloudflare-one/integrations/identity-providers/) to Cloudflare Zero Trust
- Install [npm](https://docs.npmjs.com/getting-started)
- Install [Node.js](https://nodejs.org/en/)
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx
index 5c6f18dbe8b2769..18ae810383f5fac 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Adobe Acrobat Sign](https://helpx.adobe.com/
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Adobe Acrobat Sign account
* A [claimed domain](https://helpx.adobe.com/sign/using/claim-domain-names.html) in Adobe Acrobat Sign
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx
index eb75cfc7bd200fc..bb70dc43be9b2f8 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx
@@ -15,7 +15,7 @@ import { Render } from "~/components";
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to your Area 1 account
* Your user's email in Area 1 matches their email in Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx
index a7dfa2ac39e7e49..9496bf1549ea59b 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Asana](https://help.asana.com/hc/en-us/artic
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Super admin access to an Asana Enterprise, Enterprise+, or Legacy Enterprise account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx
index c805d1e03b67394..395cb39573f4283 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Atlassian Cloud](https://support.atlassian.c
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to an Atlassian Cloud account
* Atlassian Guard Standard subscription
* A [domain](https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/) verified in Atlassian Cloud
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx
index 69d373c694af7c3..6778a3907f3a16e 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [AWS](https://docs.aws.amazon.com/singlesigno
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to an AWS account
## 1. Get AWS URLs
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx
index 07ee4b6bec3ef04..c1335ffe0391562 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Braintree](https://developer.paypal.com/brai
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Braintree production or sandbox account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx
index 1b872bf5dd5a397..c303cf07bc24000 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Coupa](https://compass.coupa.com/en-us/produ
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Coupa Stage or Production account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx
index 6fba61e120177ed..a2b570f4023f1ed 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Digicert](https://docs.digicert.com/en/certc
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Digicert account
* [SAML](https://docs.digicert.com/en/certcentral/manage-account/saml-admin-single-sign-on-guide/saml-single-sign-on-prerequisites.html) enabled in your Digicert account
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx
index 03b305e762e46b4..e154e1053b5e7d0 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx
@@ -10,7 +10,7 @@ This guide covers how to configure [Docusign](https://support.docusign.com/s/doc
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to a Docusign account that has Single Sign-On available
- A [domain](https://support.docusign.com/s/document-item?bundleId=rrf1583359212854&topicId=gso1583359141256.html) verified in Docusign
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx
index 7381bf7ea08fb36..a1b1946596b3c36 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Dropbox](https://help.dropbox.com/security/s
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Dropbox Advanced, Business Plus, or Enterprise account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx
index 122868d5e4080a4..89fbd3553283bae 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx
@@ -11,7 +11,7 @@ This page provides generic instructions for setting up a SaaS application in Clo
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to the account of the SaaS application
## 1. Get SaaS application URL
@@ -95,7 +95,7 @@ To add additional OIDC claims onto the ID token sent to your SaaS application, c
- **Name**: OIDC claim name
- **Scope**: Select the OIDC scope where this claim should be included. In most cases, we recommend selecting `profile` since it already includes other custom claims from the IdP.
- - **IdP claim**: The identity provider value that should map to this OIDC claim. You can select any [SAML attribute](/cloudflare-one/identity/idp-integration/generic-saml/#saml-headers-and-attributes) or [OIDC claim](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that was configured in a Zero Trust IdP integration.
+ - **IdP claim**: The identity provider value that should map to this OIDC claim. You can select any [SAML attribute](/cloudflare-one/integrations/identity-providers/generic-saml/#saml-headers-and-attributes) or [OIDC claim](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that was configured in a Zero Trust IdP integration.
- **Required**: If a claim is marked as required but is not provided by an IdP, Cloudflare will fail the authentication request and show an error page.
- **Add per IdP claim**: (Optional) If you turned on multiple identity providers for the SaaS application, you can choose different attribute mappings for each IdP. These values will override the parent **IdP claim**.
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx
index 9a4496d35b6ae67..075b543601489ac 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx
@@ -11,7 +11,7 @@ This page provides generic instructions for setting up a SaaS application in Clo
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to the account of the SaaS application
## 1. Get SaaS application URLs
@@ -80,7 +80,7 @@ Open an incognito browser window and go to the SaaS application's login URL. You
## SAML attributes
-[SAML attributes](/cloudflare-one/identity/idp-integration/generic-saml/#saml-headers-and-attributes) refer to the user identity characteristics that Cloudflare Access shares with your SAML SaaS application upon successful authentication. By default, Cloudflare Access passes the following attributes (if available) to the SaaS application:
+[SAML attributes](/cloudflare-one/integrations/identity-providers/generic-saml/#saml-headers-and-attributes) refer to the user identity characteristics that Cloudflare Access shares with your SAML SaaS application upon successful authentication. By default, Cloudflare Access passes the following attributes (if available) to the SaaS application:
- `id` - UUID of the user's Access identity
- `name` - Full name of the user (for example, `John Doe`)
@@ -99,7 +99,7 @@ To send additional SAML attributes to your SaaS application, configure the follo
- `Unspecified`: (default) No specific format required.
- `URI`: Name is in a format such as `urn:ietf:params:scim:schemas:core:2.0:User:userName` or `urn:oid:2.5.4.42`.
- `Basic`: Name is a normal string such as `userName`.
- - **IdP claim**: The identity provider value that should map to this SAML attribute. You can select any [SAML attribute](/cloudflare-one/identity/idp-integration/generic-saml/#saml-headers-and-attributes) or [OIDC claim](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that was configured in a Zero Trust IdP integration.
+ - **IdP claim**: The identity provider value that should map to this SAML attribute. You can select any [SAML attribute](/cloudflare-one/integrations/identity-providers/generic-saml/#saml-headers-and-attributes) or [OIDC claim](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that was configured in a Zero Trust IdP integration.
- **Required**: If an attribute is marked as required but is not provided by an IdP, Cloudflare will fail the authentication request and show an error page.
- **Add per IdP claim**: (Optional) If you turned on multiple identity providers for the SaaS application, you can choose different attribute mappings for each IdP. These values will override the parent **IdP claim**.
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx
index a024e6d8186ab9d..ebbb5a5df017b0a 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [GitHub Enterprise Cloud](https://docs.github
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* A GitHub Enterprise Cloud subscription
* Access to a GitHub account as an organization owner
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx
index ac5ba3ac8d73ea0..bfc689834227567 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx
@@ -14,14 +14,14 @@ This guide covers how to configure [Google Cloud](https://support.google.com/clo
When configuring Google Cloud with Access, the following limitations apply:
-- Users will not be able to log in using [Google](/cloudflare-one/identity/idp-integration/google/) or [Google Workspace](/cloudflare-one/identity/idp-integration/google-workspace/) as an identity provider after Google Cloud is configured with Access.
+- Users will not be able to log in using [Google](/cloudflare-one/integrations/identity-providers/google/) or [Google Workspace](/cloudflare-one/integrations/identity-providers/google-workspace/) as an identity provider after Google Cloud is configured with Access.
- The integration of Access as a single sign-on provider for your Google Cloud account does not work for Google super admins. It will work for other users.
:::
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to a Google Workspace account
- [Cloud Identity Free or Premium](https://support.google.com/cloudidentity/answer/7389973) set up in your organization's Google Cloud account
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx
index 16ead75fc7d4aba..ec91ec2d126adfb 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx
@@ -18,7 +18,7 @@ The integration of Access as a single sign-on provider for your Google Workspace
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to a Google Workspace account
## 1. Create an application in Zero Trust
@@ -35,7 +35,7 @@ The integration of Access as a single sign-on provider for your Google Workspace
:::caution
-When you put your Google Workspace behind Access, users will not be able to log in using [Google](/cloudflare-one/identity/idp-integration/google/) or [Google Workspace](/cloudflare-one/identity/idp-integration/google-workspace/) as an identity provider. To secure Google Workspace behind Access and avoid an [authentication loop](/cloudflare-one/faq/troubleshooting/#after-putting-google-workspace-behind-access-i-cant-log-in-it-keeps-redirecting-between-access-and-google-without-ever-completing-authentication), you must configure a different identity provider (not Google or Google Workspace) for authentication.
+When you put your Google Workspace behind Access, users will not be able to log in using [Google](/cloudflare-one/integrations/identity-providers/google/) or [Google Workspace](/cloudflare-one/integrations/identity-providers/google-workspace/) as an identity provider. To secure Google Workspace behind Access and avoid an [authentication loop](/cloudflare-one/faq/troubleshooting/#after-putting-google-workspace-behind-access-i-cant-log-in-it-keeps-redirecting-between-access-and-google-without-ever-completing-authentication), you must configure a different identity provider (not Google or Google Workspace) for authentication.
:::
4. [Create an Access policy](/cloudflare-one/policies/access/) for your application. For example, you could allow users with an `@your_domain.com` email address.
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx
index f4e101e21bfd38a..9239ada83b8193b 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Grafana Cloud](https://grafana.com/docs/graf
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Grafana Cloud account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx
index 87208568344f8e4..2b4c0df848b54d2 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Grafana](https://grafana.com/docs/grafana/la
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Grafana account
:::note
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx
index 146171f8eacb9cd..c257209a1fb4b0f 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Greenhouse Recruiting](https://support.green
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to an Advanced or Expert Greenhouse Recruiting site
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx
index 78f2e2fe1160c98..cc54fdf896bd5d7 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Hubspot](https://knowledge.hubspot.com/accou
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Hubspot Enterprise plan account
## 1. Configure Hubspot
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx
index a659949da4b1369..9159f8da4162c4c 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Ironclad](https://support.ironcladapp.com/hc
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Ironclad site
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx
index 2108b2bf528cdff..01ebe1319881b7b 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Jamf Pro](https://learn.jamf.com/en-US/bundl
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Jamf Pro account
## 1. Collect Jamf Pro information
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx
index d3da69cbb8331dd..5ee7083210fbfd4 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx
@@ -12,7 +12,7 @@ This guide covers how to configure [Miro](https://help.miro.com/hc/articles/3600
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to a Miro Business or Enterprise plan account
- A [verified domain](https://help.miro.com/hc/articles/360034831793-Domain-control) added to your Miro account (Enterprise plan), or be prepared to do so during SSO configuration (Business or Enterprise plan)
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx
index fced37c93e5d5a7..b6e35a647e26850 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [PagerDuty](https://support.pagerduty.com/doc
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a PagerDuty site
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx
index 1bd84029bdec5d2..5e3a83684c2c00d 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Pingboard](https://support.pingboard.com/hc/
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Pingboard account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx
index f0e2c00322e0d03..475f55a68c643ae 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx
@@ -12,7 +12,7 @@ This guide covers how to configure [Salesforce](https://help.salesforce.com/s/ar
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to a Salesforce account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx
index a97dcf68d7ec2cc..bcfb5bd00a95671 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx
@@ -13,7 +13,7 @@ This guide covers how to configure [Salesforce](https://help.salesforce.com/s/ar
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to a Salesforce account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx
index aa8830bfcde13dc..afe7f3c3874b68c 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [ServiceNow](https://docs.servicenow.com/bund
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a ServiceNow account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx
index dbf335fe0ac5f6a..f0b96ebd22b9319 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [ServiceNow](https://docs.servicenow.com/bund
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a ServiceNow account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx
index b164c582b1a6a66..795c1f321c4de50 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx
@@ -13,7 +13,7 @@ This guide covers how to configure [Slack](https://slack.com/help/articles/20377
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Slack Business+ or Enterprise Grid plan account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx
index 7b97cc48833c94e..84eb7f78159e3e8 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Smartsheet](https://help.smartsheet.com/arti
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Smartsheet Enterprise account
* A [domain](https://help.smartsheet.com/articles/2483051-domain-management) verified in Smartsheet
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx
index 3a5f59a2fe8a4e5..186b9b127cf055c 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [SparkPost or SparkPost EU](https://support.s
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a SparkPost or SparkPost EU account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx
index 0d5604b3abf3379..62133eb8ecf0fd7 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Tableau Cloud](https://help.tableau.com/curr
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Tableau Cloud site
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx
index e1546096a4db156..9f2a1fc95e30320 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Workday](https://doc.workday.com/admin-guide
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Workday account
## 1. Add a SaaS application to Cloudflare Zero Trust
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx
index 152b86d98b194ad..cdaf7250792ee5a 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx
@@ -10,7 +10,7 @@ This guide covers how to configure [Zendesk](https://support.zendesk.com/hc/en-u
## Prerequisites
-- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
- Admin access to your Zendesk account
## Configure Zendesk and Cloudflare
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx
index 4cb20e78d3934c6..9ebfe3a2a8758ff 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx
@@ -11,7 +11,7 @@ This guide covers how to configure [Zoom](https://support.zoom.com/hc/en/article
## Prerequisites
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+* An [identity provider](/cloudflare-one/integrations/identity-providers/) configured in Cloudflare Zero Trust
* Admin access to a Zoom Business, Education, or Enterprise account
* An [associated domain](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0066259) configured in your Zoom account
* A [vanity URL](https://support.zoom.com/hc/en/article?id=zm_kb\&sysparm_article=KB0061540) configured in your Zoom account
diff --git a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
index 0a441fcb339c8d3..1afdfd00a1124df 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/self-hosted-private-app.mdx
@@ -39,7 +39,7 @@ This feature replaces the legacy [private network app type](/cloudflare-one/appl
8. Configure how users will authenticate:
- 1. Select the [**Identity providers**](/cloudflare-one/identity/idp-integration/) you want to enable for your application.
+ 1. Select the [**Identity providers**](/cloudflare-one/integrations/identity-providers/) you want to enable for your application.
2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.
diff --git a/src/content/docs/cloudflare-one/changelog/access.mdx b/src/content/docs/cloudflare-one/changelog/access.mdx
index 2c2af9fe5ce3fa8..00e9c4dfc44cf03 100644
--- a/src/content/docs/cloudflare-one/changelog/access.mdx
+++ b/src/content/docs/cloudflare-one/changelog/access.mdx
@@ -41,7 +41,7 @@ Enterprise customers can now use Logpush to export SSH command logs for Access f
**SCIM GA for Okta and Microsoft Entra ID**
-Cloudflare's SCIM integrations with [Okta](/cloudflare-one/identity/idp-integration/okta/#synchronize-users-and-groups) and [Microsoft Entra ID](/cloudflare-one/identity/idp-integration/entra-id/#synchronize-users-and-groups) (formerly AzureAD) are now out of beta and generally available (GA) for all customers. These integrations can be used for Access and Gateway policies and Zero Trust user management. Note: This GA release does not include [Dashboard SSO SCIM](/fundamentals/account/account-security/scim-setup/) support.
+Cloudflare's SCIM integrations with [Okta](/cloudflare-one/integrations/identity-providers/okta/#synchronize-users-and-groups) and [Microsoft Entra ID](/cloudflare-one/integrations/identity-providers/entra-id/#synchronize-users-and-groups) (formerly AzureAD) are now out of beta and generally available (GA) for all customers. These integrations can be used for Access and Gateway policies and Zero Trust user management. Note: This GA release does not include [Dashboard SSO SCIM](/fundamentals/account/account-security/scim-setup/) support.
## 2024-10-23
diff --git a/src/content/docs/cloudflare-one/faq/authentication-faq.mdx b/src/content/docs/cloudflare-one/faq/authentication-faq.mdx
index a93e4760917cbbd..a3a7abcbf2e62cb 100644
--- a/src/content/docs/cloudflare-one/faq/authentication-faq.mdx
+++ b/src/content/docs/cloudflare-one/faq/authentication-faq.mdx
@@ -19,7 +19,7 @@ Yes. Your team can simultaneously use multiple providers, reducing friction when
## What if the identity provider my team uses is not listed?
-You can add your preferred identity providers to Cloudflare Access even if you do not see them listed in Zero Trust, as long as these providers support SAML 2.0 or [OpenID Connect (OIDC)](/cloudflare-one/identity/idp-integration/generic-oidc/).
+You can add your preferred identity providers to Cloudflare Access even if you do not see them listed in Zero Trust, as long as these providers support SAML 2.0 or [OpenID Connect (OIDC)](/cloudflare-one/integrations/identity-providers/generic-oidc/).
## How do end users log out of an application protected by Access?
diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index afb60f3dee8872d..25a5ceb7a7f9e3e 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -300,9 +300,9 @@ To prevent WARP from auto connecting while using an admin override code, disable
## I am getting the error `Failed to fetch user/group information from the identity provider`.
-This error is returned when proper API permissions are not set up in the identity provider. When Cloudflare attempts to fetch user/group information from the identity provider and proper API permissions have not been configured, the `Failed to fetch user/group information from the identity provider` error will appear. Review the [SSO integration](/cloudflare-one/identity/idp-integration/) guide for your identity provider to ensure your application has the appropriate API permissions.
+This error is returned when proper API permissions are not set up in the identity provider. When Cloudflare attempts to fetch user/group information from the identity provider and proper API permissions have not been configured, the `Failed to fetch user/group information from the identity provider` error will appear. Review the [SSO integration](/cloudflare-one/integrations/identity-providers/) guide for your identity provider to ensure your application has the appropriate API permissions.
-For example, [Microsoft Entra](/cloudflare-one/identity/idp-integration/entra-id/#2-configure-api-permissions-in-entra-id) and [Okta]() have required permissions stated in their integration guides.
+For example, [Microsoft Entra](/cloudflare-one/integrations/identity-providers/entra-id/#2-configure-api-permissions-in-entra-id) and [Okta]() have required permissions stated in their integration guides.
You can also examine logs in your identity provider to identify any denied requests related to API access.
diff --git a/src/content/docs/cloudflare-one/identity/authorization-cookie/application-token.mdx b/src/content/docs/cloudflare-one/identity/authorization-cookie/application-token.mdx
index 12294719c8c382b..b89b47c4dc5f773 100644
--- a/src/content/docs/cloudflare-one/identity/authorization-cookie/application-token.mdx
+++ b/src/content/docs/cloudflare-one/identity/authorization-cookie/application-token.mdx
@@ -68,7 +68,7 @@ The payload contains the actual claim and user information to pass to the applic
#### Custom SAML attributes and OIDC claims
-Access allows you to add custom SAML attributes and OIDC claims to your JWT for enhanced verification, if supported by your identity provider. This is configured when you setup your [SAML](/cloudflare-one/identity/idp-integration/generic-saml/) or [OIDC](/cloudflare-one/identity/idp-integration/generic-oidc/) provider.
+Access allows you to add custom SAML attributes and OIDC claims to your JWT for enhanced verification, if supported by your identity provider. This is configured when you setup your [SAML](/cloudflare-one/integrations/identity-providers/generic-saml/) or [OIDC](/cloudflare-one/integrations/identity-providers/generic-oidc/) provider.
#### User identity
diff --git a/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx b/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
index f746f2435fcfbe9..908a265fbf34628 100644
--- a/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
@@ -66,7 +66,7 @@ The following Access cookies are essential to Access functionality. Cookies that
| Details | Expiration | HttpOnly | SameSite | Required? |
| ----------------------------------------------------------------------------------------------------------------------------------- | ---------- | -------- | -------- | --------- |
-| Cookie used to help prevent abuse of the [Access OTP flow](https://developers.cloudflare.com/cloudflare-one/identity/one-time-pin/) | 30 days | Yes | Strict | Required |
+| Cookie used to help prevent abuse of the [Access OTP flow](https://developers.cloudflare.com/cloudflare-one/integrations/identity-providers/one-time-pin/) | 30 days | Yes | Strict | Required |
## Cookie settings
diff --git a/src/content/docs/cloudflare-one/identity/index.mdx b/src/content/docs/cloudflare-one/identity/index.mdx
index 17ddc116bd63529..5634de017535e82 100644
--- a/src/content/docs/cloudflare-one/identity/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/index.mdx
@@ -9,7 +9,7 @@ import { DirectoryListing, Render } from "~/components";
Cloudflare Zero Trust integrates with your organization's identity provider to apply Zero Trust and Secure Web Gateway policies. If you work with partners, contractors, or other organizations, you can integrate multiple identity providers simultaneously.
-As an alternative to configuring an identity provider, Cloudflare Zero Trust can send a [one-time PIN (OTP)](/cloudflare-one/identity/one-time-pin/) to approved email addresses. No configuration needed — simply add a user's email address to an [Access policy](/cloudflare-one/policies/access/) and to the group that allows your team to reach the application.
+As an alternative to configuring an identity provider, Cloudflare Zero Trust can send a [one-time PIN (OTP)](/cloudflare-one/integrations/identity-providers/one-time-pin/) to approved email addresses. No configuration needed — simply add a user's email address to an [Access policy](/cloudflare-one/policies/access/) and to the group that allows your team to reach the application.
You can simultaneously configure an OTP and an identity provider to allow users to use their own authentication method.
diff --git a/src/content/docs/cloudflare-one/identity/users/scim.mdx b/src/content/docs/cloudflare-one/identity/users/scim.mdx
index f6ae17531f9384b..e114e068bb50f5c 100644
--- a/src/content/docs/cloudflare-one/identity/users/scim.mdx
+++ b/src/content/docs/cloudflare-one/identity/users/scim.mdx
@@ -24,5 +24,5 @@ Cloudflare Access supports SCIM provisioning for all SAML and OIDC identity prov
Cloudflare Access can automatically deprovision users from Zero Trust after they are deactivated in the identity provider and display synchronized group names in the Access and Gateway policy builders. Cloudflare does not provision new users in Zero Trust when they are added to the identity provider -- users must first register a device with the WARP client or authenticate to an Access application.
-To set up SCIM for Zero Trust, refer to our [SSO integration](/cloudflare-one/identity/idp-integration/) guides.
+To set up SCIM for Zero Trust, refer to our [SSO integration](/cloudflare-one/integrations/identity-providers/) guides.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/adfs.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/adfs.mdx
similarity index 99%
rename from src/content/docs/cloudflare-one/identity/idp-integration/adfs.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/adfs.mdx
index aa2e7e5a6db90ec..7903e2850fc07f3 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/adfs.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/adfs.mdx
@@ -9,7 +9,7 @@ import { GlossaryTooltip } from "~/components";
:::caution
Microsoft recommends migrating your Active Directory Federation Service (AD FS) SSO to Microsoft Entra ID. For more information, refer to [Microsoft Learn](https://learn.microsoft.com/windows-server/identity/ad-fs/ad-fs-overview).
-To set up the Microsoft Entra ID IdP integration with Zero Trust, refer to [Microsoft Entra ID](/cloudflare-one/identity/idp-integration/entra-id/).
+To set up the Microsoft Entra ID IdP integration with Zero Trust, refer to [Microsoft Entra ID](/cloudflare-one/integrations/identity-providers/entra-id/).
:::
Active Directory is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Active Directory integrates with Cloudflare Access using Security Assertion Markup Language (SAML).
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/aws-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/aws-saml.mdx
similarity index 93%
rename from src/content/docs/cloudflare-one/identity/idp-integration/aws-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/aws-saml.mdx
index d067d7c5705ee79..b26853f228baeb2 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/aws-saml.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/aws-saml.mdx
@@ -69,11 +69,11 @@ You can find your team name in Zero Trust under **Settings** > **Custom Pages**.
21. Upload the **IAM Identity Center SAML metadata file** that you downloaded in Step 8.
-22. (Recommended) Enable [**Sign SAML authentication request**](/cloudflare-one/identity/idp-integration/generic-saml/#sign-saml-authentication-request).
+22. (Recommended) Enable [**Sign SAML authentication request**](/cloudflare-one/integrations/identity-providers/generic-saml/#sign-saml-authentication-request).
23. Select **Save**.
-To [test](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) that your connection is working, select **Test**.
+To [test](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust) that your connection is working, select **Test**.
## Example API configuration
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/awscognito-oidc.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/awscognito-oidc.mdx
similarity index 92%
rename from src/content/docs/cloudflare-one/identity/idp-integration/awscognito-oidc.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/awscognito-oidc.mdx
index f9b7e7ac74b7dfe..583597fb9779189 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/awscognito-oidc.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/awscognito-oidc.mdx
@@ -79,11 +79,11 @@ To retrieve those values:
5. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/) if the protocol is supported by your IdP. PKCE will be performed on all login attempts.
-6. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that you wish to add to users' identity.
+6. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that you wish to add to users' identity.
7. Select **Save**.
-To [test](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) that your connection is working, select **Test**.
+To [test](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust) that your connection is working, select **Test**.
## Example API Configuration
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/centrify-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/centrify-saml.mdx
similarity index 94%
rename from src/content/docs/cloudflare-one/identity/idp-integration/centrify-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/centrify-saml.mdx
index 48b5385635697fc..2b2d7b12f3dd6b9 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/centrify-saml.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/centrify-saml.mdx
@@ -69,9 +69,9 @@ Centrify secures access to infrastructure, DevOps, cloud, and other modern enter
4. Copy and paste the corresponding information from Centrify into the fields.
-5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/identity/idp-integration/generic-saml/#synchronize-users-and-groups).
+5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/integrations/identity-providers/generic-saml/#synchronize-users-and-groups).
-6. (Optional) Under **Optional configurations**, configure [additional SAML options](/cloudflare-one/identity/idp-integration/generic-saml/#optional-configurations).
+6. (Optional) Under **Optional configurations**, configure [additional SAML options](/cloudflare-one/integrations/identity-providers/generic-saml/#optional-configurations).
7. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/centrify.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/centrify.mdx
similarity index 91%
rename from src/content/docs/cloudflare-one/identity/idp-integration/centrify.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/centrify.mdx
index 5781e3e80866a5f..f36f69c6dc8cdd8 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/centrify.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/centrify.mdx
@@ -64,9 +64,9 @@ Centrify secures access to infrastructure, DevOps, cloud, and other modern enter
3. Paste in the **Client ID**, **Client Secret**, **Centrify account URL** and **Application ID**.
-4. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/identity/idp-integration/generic-oidc/#synchronize-users-and-groups).
+4. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/integrations/identity-providers/generic-oidc/#synchronize-users-and-groups).
-5. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that you wish to add to your users' identity.
+5. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that you wish to add to your users' identity.
6. Select **Save**.
To test that your connection is working, go to **Authentication** > **Login methods** and select **Test** next to the login method you want to test.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/citrixadc-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/citrixadc-saml.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/idp-integration/citrixadc-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/citrixadc-saml.mdx
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/entra-id.mdx
similarity index 93%
rename from src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/entra-id.mdx
index af947b3763866c8..00dcbde51833b04 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/entra-id.mdx
@@ -43,7 +43,7 @@ To retrieve those values:
8. Next, return to Microsoft Entra ID and go to **Applications** > **App registrations**.
-9. Select **All applications** and select the app you just created. Copy the **Application (client) ID** and **Directory (tenant) ID**. You will need these values when [adding Entra ID as an identity provider in step 3](/cloudflare-one/identity/idp-integration/entra-id/#3-add-entra-id-as-an-identity-provider).
+9. Select **All applications** and select the app you just created. Copy the **Application (client) ID** and **Directory (tenant) ID**. You will need these values when [adding Entra ID as an identity provider in step 3](/cloudflare-one/integrations/identity-providers/entra-id/#3-add-entra-id-as-an-identity-provider).
@@ -55,7 +55,7 @@ To retrieve those values:
When the client secret expires, users will be unable to log in through Access. Take note of your expiry date to prevent login errors and renew your client secret when necessary.
:::
-12. After the client secret is created, copy its **Value** field. Store the client secret in a safe place, as it can only be viewed immediately after creation. You will need this client secret value when [adding Entra ID as an identity provider in step 3](/cloudflare-one/identity/idp-integration/entra-id/#3-add-entra-id-as-an-identity-provider).
+12. After the client secret is created, copy its **Value** field. Store the client secret in a safe place, as it can only be viewed immediately after creation. You will need this client secret value when [adding Entra ID as an identity provider in step 3](/cloudflare-one/integrations/identity-providers/entra-id/#3-add-entra-id-as-an-identity-provider).
@@ -100,7 +100,7 @@ More narrow permissions may be used, however this is the set of permissions that
5. Select **Save**.
-6. To [test](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) that your connection is working, select **Test**.
+6. To [test](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust) that your connection is working, select **Test**.
7. (Optional) Configure the following settings:
- **Proof Key for Code Exchange**: Perform [PKCE](https://www.oauth.com/oauth2-servers/pkce/) on all login attempts.
@@ -108,7 +108,7 @@ More narrow permissions may be used, however this is the set of permissions that
- **Entra ID Policy Sync**: Refer to our [Entra ID Conditional Access tutorial](/cloudflare-one/tutorials/entra-id-conditional-access/).
- **Enable SCIM**: Refer to [Synchronize users and groups](#synchronize-users-and-groups).
- **Email claim**: Enter the Entra ID claim that you wish to use for user identification (for example, `preferred_username`).
- - **OIDC Claims**: Enter [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that you wish to add to your users' identity.
+ - **OIDC Claims**: Enter [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that you wish to add to your users' identity.
@@ -167,7 +167,7 @@ To receive an email claim in the `id_token` from Microsoft Entra, you must:
#### Object ID
-If you are concerned that users' emails or UPNs may change, you can pass the user's object ID (`oid`) from Microsoft Entra to Cloudflare Access. To configure Access to receive the object ID, refer to [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims). No additional configuration is required in Microsoft Entra.
+If you are concerned that users' emails or UPNs may change, you can pass the user's object ID (`oid`) from Microsoft Entra to Cloudflare Access. To configure Access to receive the object ID, refer to [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims). No additional configuration is required in Microsoft Entra.
## Synchronize users and groups
@@ -201,9 +201,9 @@ SCIM requires a separate enterprise application from the one created during [ini
5. After you have created the application, go to **Provisioning** > select **New Configuration**.
-6. In the **Tenant URL** field, enter the **SCIM Endpoint** obtained from your Entra ID integration in Zero Trust [in the previous step](/cloudflare-one/identity/idp-integration/entra-id/#1-enable-scim-in-zero-trust).
+6. In the **Tenant URL** field, enter the **SCIM Endpoint** obtained from your Entra ID integration in Zero Trust [in the previous step](/cloudflare-one/integrations/identity-providers/entra-id/#1-enable-scim-in-zero-trust).
-7. In the **Secret token** field, enter the **SCIM Secret** obtained from your Entra ID integration in Zero Trust [in the previous step](/cloudflare-one/identity/idp-integration/entra-id/#1-enable-scim-in-zero-trust).
+7. In the **Secret token** field, enter the **SCIM Secret** obtained from your Entra ID integration in Zero Trust [in the previous step](/cloudflare-one/integrations/identity-providers/entra-id/#1-enable-scim-in-zero-trust).
8. Select **Test Connection** to ensure that the credentials were entered correctly. If the test fails, go to your Entra ID integration in Zero Trust, select **Regenerate Secret**, select **Save**, and enter your new **SCIM Secret** in the **Secret token** field.
@@ -212,7 +212,7 @@ SCIM requires a separate enterprise application from the one created during [ini
10. Once the SCIM application is created, [assign users and groups to the application](https://learn.microsoft.com/entra/identity/enterprise-apps/assign-user-or-group-access-portal).
:::note
-Groups in this SCIM application should match the groups in your other [Cloudflare Access enterprise application](/cloudflare-one/identity/idp-integration/entra-id/#set-up-entra-id-as-an-identity-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
+Groups in this SCIM application should match the groups in your other [Cloudflare Access enterprise application](/cloudflare-one/integrations/identity-providers/entra-id/#set-up-entra-id-as-an-identity-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
:::
11. Go to **Provisioning** and select **Start provisioning**.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/facebook-login.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/facebook-login.mdx
similarity index 95%
rename from src/content/docs/cloudflare-one/identity/idp-integration/facebook-login.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/facebook-login.mdx
index 97c8350d0e965cc..384e37f05b553c0 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/facebook-login.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/facebook-login.mdx
@@ -57,7 +57,7 @@ Use these steps to set up Facebook as your identity provider.
22. Select **Save Changes**.
-To test that your connection is working, follow the steps on [SSO Integration](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust).
+To test that your connection is working, follow the steps on [SSO Integration](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust).
## Example API Configuration
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/generic-oidc.mdx
similarity index 90%
rename from src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/generic-oidc.mdx
index adfb055f88aa1a8..d2ab836d42f5d17 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/generic-oidc.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/generic-oidc.mdx
@@ -2,7 +2,7 @@
pcx_content_type: how-to
title: Generic OIDC
sidebar:
- order: 1
+ order: 2
---
import { Tabs, TabItem, Render, APIRequest } from "~/components";
@@ -124,14 +124,14 @@ Your identity provider must support SCIM version 2.0.
### 2. Configure SCIM in the IdP
-Setup instructions vary depending on the identity provider. In your identity provider, you will either need to edit the [original SSO application](/cloudflare-one/identity/idp-integration/generic-oidc/#1-create-an-application-in-your-identity-provider) or create a new SCIM application. Refer to your identity provider's documentation for more details. For example instructions, refer to our [Okta](/cloudflare-one/identity/idp-integration/okta/#synchronize-users-and-groups) or [Jumpcloud](/cloudflare-one/identity/idp-integration/jumpcloud-saml/#synchronize-users-and-groups) guides.
+Setup instructions vary depending on the identity provider. In your identity provider, you will either need to edit the [original SSO application](/cloudflare-one/integrations/identity-providers/generic-oidc/#1-create-an-application-in-your-identity-provider) or create a new SCIM application. Refer to your identity provider's documentation for more details. For example instructions, refer to our [Okta](/cloudflare-one/integrations/identity-providers/okta/#synchronize-users-and-groups) or [Jumpcloud](/cloudflare-one/integrations/identity-providers/jumpcloud-saml/#synchronize-users-and-groups) guides.
#### IdP groups
If you would like to build policies based on IdP groups:
- Ensure that your IdP sends a `groups` field. The naming must match exactly (case insensitive). All other values will be sent as a OIDC claim.
-- If your IdP requires creating a new SCIM application, ensure that the groups in the SCIM application match the groups in the [original SSO application](/cloudflare-one/identity/idp-integration/generic-oidc/#1-create-an-application-in-your-identity-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
+- If your IdP requires creating a new SCIM application, ensure that the groups in the SCIM application match the groups in the [original SSO application](/cloudflare-one/integrations/identity-providers/generic-oidc/#1-create-an-application-in-your-identity-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
### 3. Verify SCIM provisioning
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/generic-saml.mdx
similarity index 92%
rename from src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/generic-saml.mdx
index cdb816e7cc93233..b351133b43afd89 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/generic-saml.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/generic-saml.mdx
@@ -86,7 +86,7 @@ Set a reminder for the expiry date of the signing certificate obtained from your
## 3. Test the connection
-You can now [test the IdP integration](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust). A success response should return the configured SAML attributes.
+You can now [test the IdP integration](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust). A success response should return the configured SAML attributes.
## Synchronize users and groups
@@ -106,14 +106,14 @@ Your identity provider must support SCIM version 2.0.
### 2. Configure SCIM in the IdP
-Setup instructions vary depending on the identity provider. In your identity provider, you will either need to edit the [original SSO application](#1-create-an-application-in-your-identity-provider) or create a new SCIM application. Refer to your identity provider's documentation for more details. For example instructions, refer to our [Okta](/cloudflare-one/identity/idp-integration/okta/#synchronize-users-and-groups) or [JumpCloud](/cloudflare-one/identity/idp-integration/jumpcloud-saml/#synchronize-users-and-groups) guides.
+Setup instructions vary depending on the identity provider. In your identity provider, you will either need to edit the [original SSO application](#1-create-an-application-in-your-identity-provider) or create a new SCIM application. Refer to your identity provider's documentation for more details. For example instructions, refer to our [Okta](/cloudflare-one/integrations/identity-providers/okta/#synchronize-users-and-groups) or [JumpCloud](/cloudflare-one/integrations/identity-providers/jumpcloud-saml/#synchronize-users-and-groups) guides.
#### IdP groups
If you would like to build policies based on IdP groups:
- Ensure that your IdP sends a `groups` field. The naming must match exactly (case insensitive). All other values will be sent as a SAML attribute.
-- If your IdP requires creating a new SCIM application, ensure that the groups in the SCIM application match the groups in the [original SSO application](/cloudflare-one/identity/idp-integration/generic-saml/#1-create-an-application-in-your-identity-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
+- If your IdP requires creating a new SCIM application, ensure that the groups in the SCIM application match the groups in the [original SSO application](/cloudflare-one/integrations/identity-providers/generic-saml/#1-create-an-application-in-your-identity-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
### 3. Verify SCIM provisioning
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/github.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/github.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/idp-integration/github.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/github.mdx
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/google-workspace.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/google-workspace.mdx
similarity index 95%
rename from src/content/docs/cloudflare-one/identity/idp-integration/google-workspace.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/google-workspace.mdx
index a3990254b788749..12005893a3c6272 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/google-workspace.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/google-workspace.mdx
@@ -10,7 +10,7 @@ import { GlossaryTooltip, Render } from "~/components";
The Google Workspace IdP integration [is not supported](/cloudflare-one/faq/troubleshooting/#after-putting-google-workspace-behind-access-i-cant-log-in-it-keeps-redirecting-between-access-and-google-without-ever-completing-authentication) if your Google Workspace account is protected by Access.
:::
-You can integrate a Google Workspace (formerly G Suite) account with Cloudflare Access. Unlike the instructions for [generic Google authentication](/cloudflare-one/identity/idp-integration/google/), the steps below will allow you to pull group membership information from your Google Workspace account.
+You can integrate a Google Workspace (formerly G Suite) account with Cloudflare Access. Unlike the instructions for [generic Google authentication](/cloudflare-one/integrations/identity-providers/google/), the steps below will allow you to pull group membership information from your Google Workspace account.
Once integrated, users will log in with their Google Workspace credentials to reach resources protected by Cloudflare Access or to enroll their device into Cloudflare Gateway.
@@ -85,7 +85,7 @@ You do not need to be a Google Cloud Platform user to integrate Google Workspace
4. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
-5. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that you wish to add to your user's identity.
+5. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that you wish to add to your user's identity.
6. Select **Save**. To complete setup, you must visit the generated link. If you are not the Google Workspace administrator, share the link with the administrator.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/google.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/google.mdx
similarity index 95%
rename from src/content/docs/cloudflare-one/identity/idp-integration/google.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/google.mdx
index aa9d9908113726b..289d76103ea45a2 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/google.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/google.mdx
@@ -5,7 +5,7 @@ title: Google
import { GlossaryTooltip, Render } from "~/components";
-You can integrate Google authentication with Cloudflare Access without a Google Workspace account. The integration allows any user with a Google account to log in (if the [Access policy](/cloudflare-one/policies/access/) allows them to reach the resource). Unlike the instructions for [Google Workspace](/cloudflare-one/identity/idp-integration/google-workspace/), the steps below will not allow you to pull group membership information from a Google Workspace account.
+You can integrate Google authentication with Cloudflare Access without a Google Workspace account. The integration allows any user with a Google account to log in (if the [Access policy](/cloudflare-one/policies/access/) allows them to reach the resource). Unlike the instructions for [Google Workspace](/cloudflare-one/integrations/identity-providers/google-workspace/), the steps below will not allow you to pull group membership information from a Google Workspace account.
You do not need to be a Google Cloud Platform user to integrate Google as an identity provider with Cloudflare Zero Trust. You will only need to open the Google Cloud Platform to configure IdP integration settings.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/index.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx
similarity index 98%
rename from src/content/docs/cloudflare-one/identity/idp-integration/index.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx
index e214eb1ed94df24..c6e920f68dcbd5c 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/index.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/index.mdx
@@ -1,6 +1,6 @@
---
pcx_content_type: how-to
-title: SSO integration
+title: Identity providers
tags:
- SSO
---
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/jumpcloud-saml.mdx
similarity index 92%
rename from src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/jumpcloud-saml.mdx
index 71c0c64dba5dbad..4a29a6693de1210 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/jumpcloud-saml.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/jumpcloud-saml.mdx
@@ -66,7 +66,7 @@ The following steps are specific to setting up JumpCloud with Cloudflare Access.
7. Select **Save**.
-You can now [test your connection](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method and SAML attributes.
+You can now [test your connection](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method and SAML attributes.
## Synchronize users and groups
@@ -83,7 +83,7 @@ The JumpCloud integration allows you to synchronize user groups and automaticall
### 2. Configure SCIM in JumpCloud
1. In the [JumpCloud Admin Portal](https://console.jumpcloud.com/#/home), go to **SSO Applications**.
-2. Select the Cloudflare application that was created when you [Set up JumpCloud as a SAML provider](/cloudflare-one/identity/idp-integration/jumpcloud-saml/#set-up-jumpcloud-as-a-saml-provider).
+2. Select the Cloudflare application that was created when you [Set up JumpCloud as a SAML provider](/cloudflare-one/integrations/identity-providers/jumpcloud-saml/#set-up-jumpcloud-as-a-saml-provider).
3. Select the **SSO** tab.
4. To provision user groups, select **Include group attribute** and enter `groups`. The group attribute name has to exactly match `groups` or else it will be sent as a SAML attribute.
5. Select the **Identity Management** tab.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/keycloak.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/keycloak.mdx
similarity index 98%
rename from src/content/docs/cloudflare-one/identity/idp-integration/keycloak.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/keycloak.mdx
index 7c420603f1d7058..79fe650881c7273 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/keycloak.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/keycloak.mdx
@@ -29,7 +29,7 @@ To set up Keycloak (SAML) as your identity provider:
6. If you wish to enable client signatures, enable `Client Signature Required` and select **save**.
- 1. You will need to [follow the steps here to get the certificate and enable it in the Cloudflare dashboard](/cloudflare-one/identity/idp-integration/signed_authn/).
+ 1. You will need to [follow the steps here to get the certificate and enable it in the Cloudflare dashboard](/cloudflare-one/integrations/identity-providers/signed_authn/).
2. Import the Access certificate you downloaded into the `SAML Keys` tab. Use `Certificate PEM` as the format.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/linkedin.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/linkedin.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/idp-integration/linkedin.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/linkedin.mdx
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/okta-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/okta-saml.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/idp-integration/okta-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/okta-saml.mdx
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/okta.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/okta.mdx
similarity index 94%
rename from src/content/docs/cloudflare-one/identity/idp-integration/okta.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/okta.mdx
index 7d2fbcdff3ea8e2..e3c9e1756661520 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/okta.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/okta.mdx
@@ -6,7 +6,7 @@ description: Integrate Okta as an identity provider for Cloudflare Zero Trust.
import { Render } from "~/components";
-Okta provides cloud software that helps companies manage and secure user authentication to modern applications, and helps developers build identity controls into applications, website web services, and devices. You can integrate Okta with Cloudflare Zero Trust and build rules based on user identity and group membership. Cloudflare Zero Trust supports Okta integrations using either the OIDC (default) or [SAML](/cloudflare-one/identity/idp-integration/okta-saml/) protocol.
+Okta provides cloud software that helps companies manage and secure user authentication to modern applications, and helps developers build identity controls into applications, website web services, and devices. You can integrate Okta with Cloudflare Zero Trust and build rules based on user identity and group membership. Cloudflare Zero Trust supports Okta integrations using either the OIDC (default) or [SAML](/cloudflare-one/integrations/identity-providers/okta-saml/) protocol.
Additionally, you can configure Okta to use risk information from Zero Trust [user risk scores](/cloudflare-one/insights/risk-score/) to create SSO-level policies. For more information, refer to [Send risk score to Okta](/cloudflare-one/insights/risk-score/#send-risk-score-to-okta).
@@ -95,7 +95,7 @@ The Okta integration allows you to synchronize IdP groups and automatically depr
- A second Okta application of type **SCIM 2.0 Test App (Header Auth)**. This is technically a SAML app but is responsible for sending user and group info via SCIM.
:::note
-If you would like to only maintain one Okta app instance, Okta does support SAML and SCIM within the same application. Create a [generic SAML integration](/cloudflare-one/identity/idp-integration/generic-saml/) and configure those values in the **Sign-On** field of your Okta SCIM application.
+If you would like to only maintain one Okta app instance, Okta does support SAML and SCIM within the same application. Create a [generic SAML integration](/cloudflare-one/integrations/identity-providers/generic-saml/) and configure those values in the **Sign-On** field of your Okta SCIM application.
:::
### 1. Enable SCIM in Zero Trust
@@ -151,7 +151,7 @@ If you would like to only maintain one Okta app instance, Okta does support SAML
15. In the **Push Groups** tab, add the Okta groups you want to synchronize with Cloudflare Access. These groups will display in the Access policy builder and are the group memberships that will be added and removed upon membership change in Okta.
:::note
- Groups in this SCIM app Push Groups integration should match the groups in your base [OIDC app integration](/cloudflare-one/identity/idp-integration/okta/#set-up-okta-as-an-oidc-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
+ Groups in this SCIM app Push Groups integration should match the groups in your base [OIDC app integration](/cloudflare-one/integrations/identity-providers/okta/#set-up-okta-as-an-oidc-provider). Because SCIM group membership updates will overwrite any groups in a user's identity, assigning the same groups to each app ensures consistent policy evaluation.
:::
To verify the integration, select **View Logs** in the Okta SCIM application.
diff --git a/src/content/docs/cloudflare-one/identity/one-time-pin.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/one-time-pin.mdx
similarity index 99%
rename from src/content/docs/cloudflare-one/identity/one-time-pin.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/one-time-pin.mdx
index 2155ee7a88bfc10..daafb6ee3a6a7ab 100644
--- a/src/content/docs/cloudflare-one/identity/one-time-pin.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/one-time-pin.mdx
@@ -2,7 +2,7 @@
pcx_content_type: how-to
title: One-time PIN login
sidebar:
- order: 2
+ order: 1
---
import { Tabs, TabItem, Render, APIRequest } from "~/components";
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/onelogin-oidc.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/onelogin-oidc.mdx
similarity index 89%
rename from src/content/docs/cloudflare-one/identity/idp-integration/onelogin-oidc.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/onelogin-oidc.mdx
index 82612d34e2d16ea..7b9c9f5809211a4 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/onelogin-oidc.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/onelogin-oidc.mdx
@@ -48,9 +48,9 @@ OneLogin provides SSO identity management. Cloudflare Access supports OneLogin a
- **Client secret**: Enter your OneLogin client secret.
- **OneLogin account URL**: Enter your OneLogin domain, for example `https://.onelogin.com`.
-5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/identity/idp-integration/generic-oidc/#synchronize-users-and-groups).
+5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/integrations/identity-providers/generic-oidc/#synchronize-users-and-groups).
-6. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that you wish to add to your user's identity.
+6. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that you wish to add to your user's identity.
7. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/onelogin-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/onelogin-saml.mdx
similarity index 91%
rename from src/content/docs/cloudflare-one/identity/idp-integration/onelogin-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/onelogin-saml.mdx
index f264b4d3186e7ab..53581cbad438772 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/onelogin-saml.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/onelogin-saml.mdx
@@ -57,9 +57,9 @@ OneLogin provides SSO identity management. Cloudflare Access supports OneLogin a
4. Input the details from your OneLogin account in the fields.
-5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/identity/idp-integration/generic-saml/#synchronize-users-and-groups).
+5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/integrations/identity-providers/generic-saml/#synchronize-users-and-groups).
-6. (Optional) Under **Optional configurations**, configure [additional SAML options](/cloudflare-one/identity/idp-integration/generic-saml/#optional-configurations). If you added other SAML headers and attribute names to OneLogin, be sure to add them to Cloudflare.
+6. (Optional) Under **Optional configurations**, configure [additional SAML options](/cloudflare-one/integrations/identity-providers/generic-saml/#optional-configurations). If you added other SAML headers and attribute names to OneLogin, be sure to add them to Cloudflare.
7. Select **Save**.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/pingfederate-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/pingfederate-saml.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/idp-integration/pingfederate-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/pingfederate-saml.mdx
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/pingone-oidc.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/pingone-oidc.mdx
similarity index 80%
rename from src/content/docs/cloudflare-one/identity/idp-integration/pingone-oidc.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/pingone-oidc.mdx
index 1ac90aab59e4bac..a71ac033498843a 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/pingone-oidc.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/pingone-oidc.mdx
@@ -34,11 +34,11 @@ The PingOne cloud platform from PingIdentity provides SSO identity management. C
3. Select **PingOne**.
4. Input the **Client ID**, **Client Secret**, and **Environment ID** generated previously.
5. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/). PKCE will be performed on all login attempts.
-6. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/identity/idp-integration/generic-oidc/#synchronize-users-and-groups).
-7. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims) that you wish to add to your users' identity.
+6. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/integrations/identity-providers/generic-oidc/#synchronize-users-and-groups).
+7. (Optional) Under **Optional configurations**, enter [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims) that you wish to add to your users' identity.
8. Select **Save**.
-You can now [test your connection](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method.
+You can now [test your connection](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method.
## Example API configuration
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/pingone-saml.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/pingone-saml.mdx
similarity index 77%
rename from src/content/docs/cloudflare-one/identity/idp-integration/pingone-saml.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/pingone-saml.mdx
index 0d2305ac59a742f..504992c8c7b6b7d 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/pingone-saml.mdx
+++ b/src/content/docs/cloudflare-one/integrations/identity-providers/pingone-saml.mdx
@@ -45,7 +45,7 @@ The PingOne cloud platform from PingIdentity provides SSO identity management. C
| `givenName` | Given Name |
| `surName` | Family Name |
- These [SAML attributes](/cloudflare-one/identity/idp-integration/generic-saml/#saml-attributes) tell Cloudflare Access who the user is.
+ These [SAML attributes](/cloudflare-one/integrations/identity-providers/generic-saml/#saml-attributes) tell Cloudflare Access who the user is.
9. Set the application to **Active**.
@@ -59,10 +59,10 @@ The PingOne cloud platform from PingIdentity provides SSO identity management. C
4. Upload your PingOne XML metadata file.
-5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/identity/idp-integration/generic-saml/#synchronize-users-and-groups).
+5. (Optional) To enable SCIM, refer to [Synchronize users and groups](/cloudflare-one/integrations/identity-providers/generic-saml/#synchronize-users-and-groups).
-6. (Optional) Under **Optional configurations**, configure [additional SAML options](/cloudflare-one/identity/idp-integration/generic-saml/#optional-configurations).
+6. (Optional) Under **Optional configurations**, configure [additional SAML options](/cloudflare-one/integrations/identity-providers/generic-saml/#optional-configurations).
7. Select **Save**.
-You can now [test your connection](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method and SAML attributes.
+You can now [test your connection](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust) and create [Access policies](/cloudflare-one/policies/access/) based on the configured login method and SAML attributes.
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/signed_authn.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/signed_authn.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/idp-integration/signed_authn.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/signed_authn.mdx
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/yandex.mdx b/src/content/docs/cloudflare-one/integrations/identity-providers/yandex.mdx
similarity index 100%
rename from src/content/docs/cloudflare-one/identity/idp-integration/yandex.mdx
rename to src/content/docs/cloudflare-one/integrations/identity-providers/yandex.mdx
diff --git a/src/content/docs/cloudflare-one/integrations/index.mdx b/src/content/docs/cloudflare-one/integrations/index.mdx
new file mode 100644
index 000000000000000..db61948809e96ad
--- /dev/null
+++ b/src/content/docs/cloudflare-one/integrations/index.mdx
@@ -0,0 +1,14 @@
+---
+pcx_content_type: navigation
+title: Integrations
+sidebar:
+ order: 9
+ group:
+ hideIndex: true
+---
+
+import { DirectoryListing } from "~/components"
+
+Integrate third-party applications and services with Cloudflare One.
+
+
diff --git a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/terraform.mdx b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/terraform.mdx
index 10e71d41aac2fe5..86e8a2d410902ad 100644
--- a/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/terraform.mdx
+++ b/src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/deployment-guides/terraform.mdx
@@ -26,7 +26,7 @@ To complete the following procedure, you will need:
- [A Google Cloud Project](https://cloud.google.com/resource-manager/docs/creating-managing-projects#creating_a_project)
- [A zone on Cloudflare](/fundamentals/manage-domains/add-site/)
-- Enabled [one-time PIN login](/cloudflare-one/identity/one-time-pin/) or integrated an [identity provider](/cloudflare-one/identity/idp-integration/)
+- Enabled [one-time PIN login](/cloudflare-one/integrations/identity-providers/one-time-pin/) or integrated an [identity provider](/cloudflare-one/integrations/identity-providers/)
## 1. Install Terraform
diff --git a/src/content/docs/cloudflare-one/policies/access/index.mdx b/src/content/docs/cloudflare-one/policies/access/index.mdx
index 0f68a3407b7db38..6352199c7c35829 100644
--- a/src/content/docs/cloudflare-one/policies/access/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/access/index.mdx
@@ -150,8 +150,8 @@ Non-identity attributes are polled continuously, meaning they are-evaluated with
| Login Methods | Checks the identity provider used at the time of login. | ✅ | ❌ | ✅ |
| Authentication Method | Checks the [multifactor authentication](/cloudflare-one/policies/access/mfa-requirements/) method used by the user, if supported by the identity provider. | ✅ | ❌ | ✅ |
| Identity provider group | Checks the user groups configured with your identity provider (IdP). This selector only displays if you use Microsoft Entra ID, GitHub, Google, Okta, or an IdP that provisions groups with [SCIM](/cloudflare-one/identity/users/scim/). | ✅ | ❌ | ✅ |
-| SAML Group | Checks a SAML attribute name / value pair. This selector only displays if you use a [generic SAML](/cloudflare-one/identity/idp-integration/generic-saml/) identity provider. | ✅ | ❌ | ✅ |
-| OIDC Claim | Checks an OIDC claim name / value pair. This selector only displays if you use a [generic OIDC](/cloudflare-one/identity/idp-integration/generic-oidc/) identity provider. | ✅ | ❌ | ✅ |
+| SAML Group | Checks a SAML attribute name / value pair. This selector only displays if you use a [generic SAML](/cloudflare-one/integrations/identity-providers/generic-saml/) identity provider. | ✅ | ❌ | ✅ |
+| OIDC Claim | Checks an OIDC claim name / value pair. This selector only displays if you use a [generic OIDC](/cloudflare-one/integrations/identity-providers/generic-oidc/) identity provider. | ✅ | ❌ | ✅ |
| Device posture | Checks [device posture signals](/cloudflare-one/identity/devices/) from the WARP client or a third-party service provider. | ✅ | ✅ | ❌ |
| Warp | Checks that the device is connected to WARP, including the consumer version. | ✅ | ✅ | ❌ |
| Gateway | Checks that the device is connected to your Zero Trust instance through the [WARP client](/cloudflare-one/team-and-resources/devices/warp/). | ✅ | ✅ | ❌ |
diff --git a/src/content/docs/cloudflare-one/policies/gateway/identity-selectors.mdx b/src/content/docs/cloudflare-one/policies/gateway/identity-selectors.mdx
index bb8b4e845c71fbd..1f47eef5c5c551b 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/identity-selectors.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/identity-selectors.mdx
@@ -94,7 +94,7 @@ In Gateway, a **User Group** refers to a group in your IdP (for example, an Okta
## IdP groups in Gateway
-Cloudflare Gateway can integrate with your organization's identity providers (IdPs). Before building a Gateway policy for IdP users or groups, be sure to [add the IdP as an authentication method](/cloudflare-one/identity/idp-integration/).
+Cloudflare Gateway can integrate with your organization's identity providers (IdPs). Before building a Gateway policy for IdP users or groups, be sure to [add the IdP as an authentication method](/cloudflare-one/integrations/identity-providers/).
Because IdPs expose user groups in different formats, reference the list below to choose the appropriate identity-based selector.
@@ -104,9 +104,9 @@ Because IdPs expose user groups in different formats, reference the list below t
| -------------- | ------------------------------------- |
| User Group IDs | `61503835-b6fe-4630-af88-de551dd59a2` |
-**Value** is the [Object Id](/cloudflare-one/identity/idp-integration/entra-id/#entra-groups-in-zero-trust-policies) for an Entra group.
+**Value** is the [Object Id](/cloudflare-one/integrations/identity-providers/entra-id/#entra-groups-in-zero-trust-policies) for an Entra group.
-If you enabled user and group synchronization with [SCIM](/cloudflare-one/identity/idp-integration/entra-id/#synchronize-users-and-groups), the synchronized groups will appear under _User Group Names_:
+If you enabled user and group synchronization with [SCIM](/cloudflare-one/integrations/identity-providers/entra-id/#synchronize-users-and-groups), the synchronized groups will appear under _User Group Names_:
| Selector | Value |
| ---------------- | ------------ |
@@ -126,17 +126,17 @@ If you enabled user and group synchronization with [SCIM](/cloudflare-one/identi
### Okta (OIDC)
-If you added Okta as an [OIDC provider](/cloudflare-one/identity/idp-integration/okta/), use the User Group Names selector:
+If you added Okta as an [OIDC provider](/cloudflare-one/integrations/identity-providers/okta/), use the User Group Names selector:
| Selector | Value |
| ---------------- | ----------- |
| User Group Names | `Marketing` |
-The Okta OIDC integration supports user and group synchronization with [SCIM](/cloudflare-one/identity/idp-integration/okta/#synchronize-users-and-groups).
+The Okta OIDC integration supports user and group synchronization with [SCIM](/cloudflare-one/integrations/identity-providers/okta/#synchronize-users-and-groups).
### Okta (SAML)
-If you added Okta as a [SAML provider](/cloudflare-one/identity/idp-integration/okta-saml/), use the SAML Attributes selector:
+If you added Okta as a [SAML provider](/cloudflare-one/integrations/identity-providers/okta-saml/), use the SAML Attributes selector:
| Selector | Attribute name | Attribute value |
| --------------- | -------------- | --------------- |
@@ -144,7 +144,7 @@ If you added Okta as a [SAML provider](/cloudflare-one/identity/idp-integration/
### Generic SAML IdP
-For a [generic SAML provider](/cloudflare-one/identity/idp-integration/generic-saml/), use the SAML Attribute selector:
+For a [generic SAML provider](/cloudflare-one/integrations/identity-providers/generic-saml/), use the SAML Attribute selector:
| Selector | Attribute name | Attribute value |
| --------------- | -------------- | --------------- |
diff --git a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
index 4c30dbf4503c8f5..3eb6bfe3ca828ea 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
@@ -13,7 +13,7 @@ import { Details, InlineBadge, Render, Badge } from "~/components";
To enable this feature, download and deploy the [WARP client](/cloudflare-one/team-and-resources/devices/warp/deployment/) on your devices.
:::
-With Cloudflare Zero Trust, you can configure policies to control network-level traffic leaving your endpoints. Using network selectors like IP addresses and ports, your policies will control access to any network origin. Because Cloudflare Zero Trust [integrates with your identity provider](/cloudflare-one/identity/idp-integration/), it also gives you the ability to create identity-based network policies. This means you can now control access to non-HTTP resources on a per-user basis regardless of where they are or what device they access that resource from.
+With Cloudflare Zero Trust, you can configure policies to control network-level traffic leaving your endpoints. Using network selectors like IP addresses and ports, your policies will control access to any network origin. Because Cloudflare Zero Trust [integrates with your identity provider](/cloudflare-one/integrations/identity-providers/), it also gives you the ability to create identity-based network policies. This means you can now control access to non-HTTP resources on a per-user basis regardless of where they are or what device they access that resource from.
A network policy consists of an **Action** as well as a logical expression that determines the scope of the action. To build an expression, you need to choose a **Selector** and an **Operator**, and enter a value or range of values in the **Value** field. You can use **And** and **Or** logical operators to evaluate multiple conditions.
diff --git a/src/content/docs/cloudflare-one/setup.mdx b/src/content/docs/cloudflare-one/setup.mdx
index 0c5898a842b1004..ba5308a3e3f9248 100644
--- a/src/content/docs/cloudflare-one/setup.mdx
+++ b/src/content/docs/cloudflare-one/setup.mdx
@@ -28,7 +28,7 @@ Welcome to Cloudflare Zero Trust! You can now explore a list of one-click action
If you want to enable security features such as Browser Isolation, HTTP filtering, AV scanning, and device posture, or connect networks to Cloudflare, here are the next steps you need to take:
-1. **Set up a login method.** Configure [One-time PIN](/cloudflare-one/identity/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/identity/idp-integration/) in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Zero Trust setup.
+1. **Set up a login method.** Configure [One-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/integrations/identity-providers/) in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Zero Trust setup.
2. **Next, define [device enrollment permissions](/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment/)**. Create device enrollment rules to define which users in your organization should be able to connect devices to your organization's Zero Trust setup. As you create your rule, you will be asked to select which login method you would like users to authenticate with.
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx
index a4efeb7ea40d46f..d0edd1b762d0eee 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions.mdx
@@ -51,7 +51,7 @@ If the user has an active browser session with the IdP, WARP will use the existi
### Supported IdPs
-- [Microsoft Entra ID](/cloudflare-one/identity/idp-integration/entra-id/#force-user-interaction-during-warp-reauthentication)
+- [Microsoft Entra ID](/cloudflare-one/integrations/identity-providers/entra-id/#force-user-interaction-during-warp-reauthentication)
## Manually reauthenticate
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx
index 7151825bd84e1b9..b903c38ca707b76 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/deployment/mdm-deployment/parameters.mdx
@@ -23,7 +23,7 @@ For the majority of Cloudflare Zero Trust features to work, you need to specify
### `organization`
-Instructs the client to register the device with your organization. Registration requires authentication via an [IdP](/cloudflare-one/identity/idp-integration/) or [Service Auth](/cloudflare-one/identity/service-tokens/).
+Instructs the client to register the device with your organization. Registration requires authentication via an [IdP](/cloudflare-one/integrations/identity-providers/) or [Service Auth](/cloudflare-one/identity/service-tokens/).
**Value Type:** `string`
diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/set-up-warp.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/set-up-warp.mdx
index e1448e189acd5a0..61920ec180b43ea 100644
--- a/src/content/docs/cloudflare-one/team-and-resources/devices/warp/set-up-warp.mdx
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/warp/set-up-warp.mdx
@@ -24,7 +24,7 @@ As you complete the [Cloudflare Zero Trust onboarding](/cloudflare-one/setup/),
### 2. Set up a login method.
-Configure [One-time PIN](/cloudflare-one/identity/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/identity/idp-integration/) in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Cloudflare Zero Trust setup.
+Configure [One-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/integrations/identity-providers/) in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Cloudflare Zero Trust setup.
### 3. Next, define device enrollment permissions.
@@ -40,7 +40,7 @@ Choose one of the [different ways](/cloudflare-one/team-and-resources/devices/wa
### 6. Log in to your organization's Cloudflare Zero Trust instance from your devices.
-Once the WARP client is installed on the device, [log in to your Zero Trust organization](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/). If you have already set up an identity provider in Cloudflare Access, the user will be prompted to authenticate using this method. If you have not set up an identity provider, the user can authenticate with a [one-time pin](/cloudflare-one/identity/one-time-pin/) which is enabled by default.
+Once the WARP client is installed on the device, [log in to your Zero Trust organization](/cloudflare-one/team-and-resources/devices/warp/deployment/manual-deployment/). If you have already set up an identity provider in Cloudflare Access, the user will be prompted to authenticate using this method. If you have not set up an identity provider, the user can authenticate with a [one-time pin](/cloudflare-one/integrations/identity-providers/one-time-pin/) which is enabled by default.
Next, build [Secure Web Gateway policies](/cloudflare-one/policies/gateway/) to filter DNS, HTTP, and Network traffic on your devices.
@@ -56,7 +56,7 @@ As you complete the [Cloudflare Zero Trust onboarding](/cloudflare-one/setup/),
### 2. Set up a login method.
-Configure [One-time PIN](/cloudflare-one/identity/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/identity/idp-integration/) in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Cloudflare Zero Trust setup.
+Configure [One-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/integrations/identity-providers/) in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Cloudflare Zero Trust setup.
### 3. Next, define device enrollment permissions.
diff --git a/src/content/docs/cloudflare-one/tutorials/entra-id-conditional-access.mdx b/src/content/docs/cloudflare-one/tutorials/entra-id-conditional-access.mdx
index 17fdafc8918b772..184abbc67cfd6bf 100644
--- a/src/content/docs/cloudflare-one/tutorials/entra-id-conditional-access.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/entra-id-conditional-access.mdx
@@ -18,7 +18,7 @@ Make sure you have:
## Set up an identity provider for your application
-Refer to [our IdP setup instructions](/cloudflare-one/identity/idp-integration/entra-id/#set-up-entra-id-as-an-identity-provider) for Entra ID.
+Refer to [our IdP setup instructions](/cloudflare-one/integrations/identity-providers/entra-id/#set-up-entra-id-as-an-identity-provider) for Entra ID.
## Add API permission in Entra ID
diff --git a/src/content/docs/cloudflare-one/tutorials/entra-id-risky-users.mdx b/src/content/docs/cloudflare-one/tutorials/entra-id-risky-users.mdx
index fb5d9119bdae64f..faac9f3e4f9e1b9 100644
--- a/src/content/docs/cloudflare-one/tutorials/entra-id-risky-users.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/entra-id-risky-users.mdx
@@ -28,7 +28,7 @@ This tutorial demonstrates how to automatically redirect users to a remote brows
## 1. Set up Entra ID as an identity provider
-Refer to [our IdP setup instructions](/cloudflare-one/identity/idp-integration/entra-id/#set-up-entra-id-as-an-identity-provider) for Entra ID.
+Refer to [our IdP setup instructions](/cloudflare-one/integrations/identity-providers/entra-id/#set-up-entra-id-as-an-identity-provider) for Entra ID.
:::note
@@ -138,7 +138,7 @@ After the initial run, the auto-generated groups will appear in the Entra ID das
Next, synchronize Entra ID risky user groups with Cloudflare Access:
-1. [Enable SCIM synchronization](/cloudflare-one/identity/idp-integration/entra-id/#synchronize-users-and-groups).
+1. [Enable SCIM synchronization](/cloudflare-one/integrations/identity-providers/entra-id/#synchronize-users-and-groups).
2. In Entra ID, assign the following groups to your SCIM enterprise application:
- `IdentityProtection-RiskyUser-RiskLevel-high`
diff --git a/src/content/docs/cloudflare-one/tutorials/okta-u2f.mdx b/src/content/docs/cloudflare-one/tutorials/okta-u2f.mdx
index d29d7348e705126..4468b4df4bfe33c 100644
--- a/src/content/docs/cloudflare-one/tutorials/okta-u2f.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/okta-u2f.mdx
@@ -33,7 +33,7 @@ Before you begin, you'll need to follow [these instructions](/cloudflare-one/set
## Integrate Okta
-Follow [these instructions](/cloudflare-one/identity/idp-integration/okta/) to integrate Okta with your Cloudflare Access account. Once integrated, Access will be able to apply rules using identity, group membership, and multifactor method from Okta.
+Follow [these instructions](/cloudflare-one/integrations/identity-providers/okta/) to integrate Okta with your Cloudflare Access account. Once integrated, Access will be able to apply rules using identity, group membership, and multifactor method from Okta.
## Configure Okta for U2F
diff --git a/src/content/docs/cloudflare-one/tutorials/vnc-client-in-browser.mdx b/src/content/docs/cloudflare-one/tutorials/vnc-client-in-browser.mdx
index 0d0657c9744647b..25be272008d90af 100644
--- a/src/content/docs/cloudflare-one/tutorials/vnc-client-in-browser.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/vnc-client-in-browser.mdx
@@ -33,7 +33,7 @@ There are a number of VNC versions, deployments, and instances. This tutorial fo
1. [Add a website to Cloudflare.](/fundamentals/manage-domains/add-site/)
2. [Enable Cloudflare Zero Trust on your account.](/cloudflare-one/setup/)
-3. [Connect your identity provider to Cloudflare Zero Trust.](/cloudflare-one/identity/idp-integration/)
+3. [Connect your identity provider to Cloudflare Zero Trust.](/cloudflare-one/integrations/identity-providers/)
---
diff --git a/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx b/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx
index fdf9a7022925957..8700a788e0aa4fc 100644
--- a/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx
+++ b/src/content/docs/fundamentals/manage-members/dashboard-sso.mdx
@@ -34,9 +34,9 @@ Cloudflare Dashboard SSO is available for free to all plans.
## 1. Set up an IdP
-Add an IdP to Cloudflare Zero Trust by following [our detailed instructions](/cloudflare-one/identity/idp-integration/).
+Add an IdP to Cloudflare Zero Trust by following [our detailed instructions](/cloudflare-one/integrations/identity-providers/).
-Once you configure your IdP, make sure you also [test your IdP](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust).
+Once you configure your IdP, make sure you also [test your IdP](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust).
## 2. Register your domain with Cloudflare for SSO
@@ -51,14 +51,14 @@ Cloudflare recommends creating an [Account API token](/fundamentals/api/get-star
-2. If step 1 was successful, a button to add a new SSO domain will be present. Select the button to begin the process of adding a new SSO domain.
+2. If step 1 was successful, a button to add a new SSO domain will be present. Select the button to begin the process of adding a new SSO domain.
-3. Enter your email domain and select **Create** to move to the verification step.
+3. Enter your email domain and select **Create** to move to the verification step.
:::note
-Some top level domains, such as `.edu`, are prohibited from being used as SSO domains.
+Some top level domains, such as `.edu`, are prohibited from being used as SSO domains.
:::
@@ -107,7 +107,7 @@ Copy the verification code and create a TXT record in your DNS configuration wit
Cloudflare will automatically poll this DNS record until it is found or a timeout is reached within two days.
-If the verification process fails due to timeout, you can manually reinitiate the polling by selecting **Begin verification** in the actions menu for that connector in the list.
+If the verification process fails due to timeout, you can manually reinitiate the polling by selecting **Begin verification** in the actions menu for that connector in the list.
@@ -150,7 +150,7 @@ Domains that are associated with an already enabled connector belonging to a dif
-Enable the connector by selecting **Enable** in the Actions menu for that connector in the list.
+Enable the connector by selecting **Enable** in the Actions menu for that connector in the list.
@@ -222,7 +222,7 @@ This section describes how to restore access to the Cloudflare dashboard in case
### Option 1: Add a backup IdP
-If there is an issue with your SSO IdP provider, you can add an alternate IdP using the API. The following example shows how to add [Cloudflare One-time PIN](/cloudflare-one/identity/one-time-pin/) as a login method:
+If there is an issue with your SSO IdP provider, you can add an alternate IdP using the API. The following example shows how to add [Cloudflare One-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/) as a login method:
1. [Add](/api/resources/zero_trust/subresources/identity_providers/methods/create/) one-time PIN login:
@@ -283,13 +283,13 @@ Before disabling SSO, make sure you have access to your Cloudflare user email. T
-1. Navigate to the **Members** page.
+1. Navigate to the **Members** page.
-2. Select the actions menu for the SSO connector in the list and select **Disable**.
+2. Select the actions menu for the SSO connector in the list and select **Disable**.
-3. Type the domain of the connector and click confirm to complete the disable action.
+3. Type the domain of the connector and click confirm to complete the disable action.
@@ -359,7 +359,7 @@ Cloudflare does not allow you to change your t
-1. Navigate to the **Members** page.
+1. Navigate to the **Members** page.
diff --git a/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx b/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx
index 5002b5e6ba098d5..143375138a0ba0f 100644
--- a/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx
+++ b/src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx
@@ -114,7 +114,7 @@ Additionally, authenticated requests also send the `Cf-Access-Jwt-Assertion\` JW
## 4. Create the self-hosted applications
-Finally, the hostname you want to protect with mTLS needs to be added as a [self-hosted app](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) in Cloudflare Access, defining an [Access Policy](/cloudflare-one/policies/access/) which uses the action [Service Auth](/cloudflare-one/policies/access/#service-auth) and the Selector _"Valid Certificate"_, or simply requiring an [IdP](/cloudflare-one/identity/idp-integration/) authentication. You can also take advantage of extra requirements, such as the "Common Name" (CN), which expects the indicated hostname, and more [Selectors](/cloudflare-one/policies/access/#selectors). Alternatively, one can also [extend ZTNA with external authorization and serverless computing](/reference-architecture/diagrams/sase/augment-access-with-serverless/).
+Finally, the hostname you want to protect with mTLS needs to be added as a [self-hosted app](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) in Cloudflare Access, defining an [Access Policy](/cloudflare-one/policies/access/) which uses the action [Service Auth](/cloudflare-one/policies/access/#service-auth) and the Selector _"Valid Certificate"_, or simply requiring an [IdP](/cloudflare-one/integrations/identity-providers/) authentication. You can also take advantage of extra requirements, such as the "Common Name" (CN), which expects the indicated hostname, and more [Selectors](/cloudflare-one/policies/access/#selectors). Alternatively, one can also [extend ZTNA with external authorization and serverless computing](/reference-architecture/diagrams/sase/augment-access-with-serverless/).
## Demo
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx
index b16bee0681ae60f..73339b447a2b46a 100644
--- a/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx
+++ b/src/content/docs/learning-paths/secure-internet-traffic/build-network-policies/create-policy.mdx
@@ -7,7 +7,7 @@ sidebar:
import { Render } from "~/components";
-You can control network-level traffic by filtering requests by selectors such as IP addresses and ports. You can also integrate network policies with an [identity provider](/cloudflare-one/identity/idp-integration/) to apply identity-based filtering.
+You can control network-level traffic by filtering requests by selectors such as IP addresses and ports. You can also integrate network policies with an [identity provider](/cloudflare-one/integrations/identity-providers/) to apply identity-based filtering.
-Select the [**Identity providers**](/cloudflare-one/identity/idp-integration/) you want to enable for your application.
+Select the [**Identity providers**](/cloudflare-one/integrations/identity-providers/) you want to enable for your application.
(Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
diff --git a/src/content/partials/cloudflare-one/access/error-401.mdx b/src/content/partials/cloudflare-one/access/error-401.mdx
index ffb4959a50c55bd..e786332cdc61eff 100644
--- a/src/content/partials/cloudflare-one/access/error-401.mdx
+++ b/src/content/partials/cloudflare-one/access/error-401.mdx
@@ -4,4 +4,4 @@
If you deleted the OAuth client (or the OAuth client expired) in Google, you will receive a `Error 401: deleted_client` authorization error.
-To fix this issue, complete steps 6 through 12 in the [Google](/cloudflare-one/identity/idp-integration/google/#set-up-google-as-an-identity-provider) guide and steps 9 through 15 in the [Google Workspace](/cloudflare-one/identity/idp-integration/google/#set-up-google-as-an-identity-provider) guide.
+To fix this issue, complete steps 6 through 12 in the [Google](/cloudflare-one/integrations/identity-providers/google/#set-up-google-as-an-identity-provider) guide and steps 9 through 15 in the [Google Workspace](/cloudflare-one/integrations/identity-providers/google/#set-up-google-as-an-identity-provider) guide.
diff --git a/src/content/partials/cloudflare-one/access/idp-integration-note.mdx b/src/content/partials/cloudflare-one/access/idp-integration-note.mdx
index 25d2f72c98f9cb9..4a55006b02d8d18 100644
--- a/src/content/partials/cloudflare-one/access/idp-integration-note.mdx
+++ b/src/content/partials/cloudflare-one/access/idp-integration-note.mdx
@@ -3,4 +3,4 @@ params:
- verb
---
-If you do not see your identity provider listed, these providers can typically still be enabled. If they support OIDC or OAuth, {props.verb} the [generic OIDC](/cloudflare-one/identity/idp-integration/generic-oidc/) option. If they support SAML, {props.verb} the [generic SAML](/cloudflare-one/identity/idp-integration/generic-saml/) option. Cloudflare supports all SAML and OIDC providers and can integrate with the majority of OAuth providers. If your provider supports both SAML and OIDC, we recommend OIDC for ease of configuration.
+If you do not see your identity provider listed, these providers can typically still be enabled. If they support OIDC or OAuth, {props.verb} the [generic OIDC](/cloudflare-one/integrations/identity-providers/generic-oidc/) option. If they support SAML, {props.verb} the [generic SAML](/cloudflare-one/integrations/identity-providers/generic-saml/) option. Cloudflare supports all SAML and OIDC providers and can integrate with the majority of OAuth providers. If your provider supports both SAML and OIDC, we recommend OIDC for ease of configuration.
diff --git a/src/content/partials/cloudflare-one/access/idp-integration.mdx b/src/content/partials/cloudflare-one/access/idp-integration.mdx
index 4caea952755c89d..047a16ec61d24df 100644
--- a/src/content/partials/cloudflare-one/access/idp-integration.mdx
+++ b/src/content/partials/cloudflare-one/access/idp-integration.mdx
@@ -16,7 +16,7 @@ import {Render, Tabs, TabItem} from "~/components"
4. Fill in the necessary fields to set up your identity provider.
- Each identity provider will have different required fields for you to fill in. Step-by-step instructions are shown in the dashboard side panel. Alternatively, refer to the [IdP-specific documentation](/cloudflare-one/identity/idp-integration/).
+ Each identity provider will have different required fields for you to fill in. Step-by-step instructions are shown in the dashboard side panel. Alternatively, refer to the [IdP-specific documentation](/cloudflare-one/integrations/identity-providers/).
5. Once you have filled in the necessary fields, select **Save**.
@@ -29,7 +29,7 @@ import {Render, Tabs, TabItem} from "~/components"
- Each identity provider integration has different required attributes. You will need to obtain these attribute values from your identity provider. For more information, refer to the [IdP-specific documentation](/cloudflare-one/identity/idp-integration/).
+ Each identity provider integration has different required attributes. You will need to obtain these attribute values from your identity provider. For more information, refer to the [IdP-specific documentation](/cloudflare-one/integrations/identity-providers/).
diff --git a/src/content/partials/cloudflare-one/access/okta-zt-steps.mdx b/src/content/partials/cloudflare-one/access/okta-zt-steps.mdx
index 12709339908f369..5a9851e38bb80df 100644
--- a/src/content/partials/cloudflare-one/access/okta-zt-steps.mdx
+++ b/src/content/partials/cloudflare-one/access/okta-zt-steps.mdx
@@ -16,7 +16,7 @@ import {} from "~/components"
14. (Optional) Create an Okta API token and enter it in Zero Trust (the token can be read-only). This will prevent your Okta groups from failing if you have more than 100 groups.
-15. (Optional) To configure [custom OIDC claims](/cloudflare-one/identity/idp-integration/generic-oidc/#custom-oidc-claims):
+15. (Optional) To configure [custom OIDC claims](/cloudflare-one/integrations/identity-providers/generic-oidc/#custom-oidc-claims):
1. In Okta, create a [custom authorization server](https://developer.okta.com/docs/guides/customize-authz-server/main/) and ensure that the `groups` scope is enabled.
2. In Zero Trust, enter the **Authorization Server ID** obtained from Okta.
3. Under **Optional configurations**, enter the claims that you wish to add to your users' identity.
@@ -25,4 +25,4 @@ import {} from "~/components"
17. Select **Save**.
-To [test](/cloudflare-one/identity/idp-integration/#test-idps-in-zero-trust) that your connection is working, select **Test**.
+To [test](/cloudflare-one/integrations/identity-providers/#test-idps-in-zero-trust) that your connection is working, select **Test**.
diff --git a/src/content/partials/cloudflare-one/send-risk-scores-okta.mdx b/src/content/partials/cloudflare-one/send-risk-scores-okta.mdx
index 2ada0b4daf76e9c..3de0f986a62b852 100644
--- a/src/content/partials/cloudflare-one/send-risk-scores-okta.mdx
+++ b/src/content/partials/cloudflare-one/send-risk-scores-okta.mdx
@@ -4,7 +4,7 @@
First, configure Zero Trust to send user risk scores to Okta.
-1. Set up the [Okta SSO integration](/cloudflare-one/identity/idp-integration/okta/).
+1. Set up the [Okta SSO integration](/cloudflare-one/integrations/identity-providers/okta/).
2. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Authentication**.
3. In **Login methods**, locate your Okta integration and select **Edit**.
4. Turn on **Send risk score to Okta**.
diff --git a/src/content/partials/cloudflare-one/warp/device-enrollment.mdx b/src/content/partials/cloudflare-one/warp/device-enrollment.mdx
index a957f53e387712f..7115c47fa160847 100644
--- a/src/content/partials/cloudflare-one/warp/device-enrollment.mdx
+++ b/src/content/partials/cloudflare-one/warp/device-enrollment.mdx
@@ -21,7 +21,7 @@ Device posture checks are not supported in device enrollment policies. WARP can
4. In the **Login methods** tab:
- a. Select the [identity providers](/cloudflare-one/identity/idp-integration/) users can authenticate with. If you have not integrated an identity provider, you can use the [one-time PIN](/cloudflare-one/identity/one-time-pin/).
+ a. Select the [identity providers](/cloudflare-one/integrations/identity-providers/) users can authenticate with. If you have not integrated an identity provider, you can use the [one-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/).
b. (Optional) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the Cloudflare Access login page. Instead, Cloudflare will redirect users directly to your SSO login event.
diff --git a/src/content/partials/learning-paths/zero-trust/configure-idp.mdx b/src/content/partials/learning-paths/zero-trust/configure-idp.mdx
index c515da532df99c2..21e92853d18e27b 100644
--- a/src/content/partials/learning-paths/zero-trust/configure-idp.mdx
+++ b/src/content/partials/learning-paths/zero-trust/configure-idp.mdx
@@ -9,7 +9,7 @@ An