Merged
3 changes: 3 additions & 0 deletions public/__redirects
Original file line number Diff line number Diff line change
Expand Up @@ -2386,6 +2386,8 @@
/cloudflare-one/identity/users/session-management/ /cloudflare-one/team-and-resources/users/session-management/ 301
/cloudflare-one/identity/users/seat-management/ /cloudflare-one/team-and-resources/users/seat-management/ 301
/cloudflare-one/identity/users/scim/ /cloudflare-one/team-and-resources/users/scim/ 301
/cloudflare-one/applications/login-page/ /cloudflare-one/reusable-components/custom-pages/access-login-page/ 301
/cloudflare-one/applications/block-page/ /cloudflare-one/reusable-components/custom-pages/access-block-page/ 301
/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
/cloudflare-one/policies/gateway/* /cloudflare-one/traffic-policies/:splat 301
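Review bot: the two added rules for `/cloudflare-one/applications/login-page/` and `/cloudflare-one/applications/block-page/` are exact-path redirects (no `*` / `:splat`), which is correct for single pages, and they are placed among the other exact `/cloudflare-one/...` rules rather than after the `/cloudflare-one/connections/*` wildcards below them. Since `_redirects` rules are matched top to bottom, confirm there is no `/cloudflare-one/applications/*` wildcard earlier in the file; one placed above these would capture the old URLs first and send them somewhere other than the new custom-pages targets.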
Expand All @@ -2397,6 +2399,7 @@
/cloudflare-one/identity/devices/service-providers/* /cloudflare-one/integrations/service-providers/:splat 301
/cloudflare-one/applications/configure-apps/* /cloudflare-one/access-controls/applications/http-apps/:splat 301
/cloudflare-one/applications/non-http/* /cloudflare-one/access-controls/applications/non-http/:splat 301
/cloudflare-one/identity/devices/* /cloudflare-one/reusable-components/posture-checks/:splat 301

# Learning paths

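Review bot: the new wildcard `/cloudflare-one/identity/devices/* /cloudflare-one/reusable-components/posture-checks/:splat 301` is correctly placed below the more specific `/cloudflare-one/identity/devices/service-providers/*` rule, so service-provider links keep going to `/cloudflare-one/integrations/service-providers/` instead of being swallowed by the splat. The `:splat` mapping also lines up with the new subpaths used elsewhere in this PR (`access-integrations/mutual-tls-authentication/`, `access-integrations/tanium/`, `warp-client-checks/os-version/`), so old deep links resolve without per-page rules. Worth a quick grep for any other `/cloudflare-one/identity/devices/<subpath>` rule that might sit below this line, since it would now be unreachable.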
Expand Down
Expand Up @@ -24,7 +24,7 @@ However, if you want to update the Minimum TLS settings for all wildcard hostnam

## Enable mTLS

Once you have [added a custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/), you can enable mTLS by using Cloudflare Access. Go to [Cloudflare Zero Trust](https://one.dash.cloudflare.com/) and [add mTLS authentication](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) with a few clicks.
Once you have [added a custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/), you can enable mTLS by using Cloudflare Access. Go to [Cloudflare Zero Trust](https://one.dash.cloudflare.com/) and [add mTLS authentication](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) with a few clicks.

:::note
Currently, you cannot add mTLS policies for custom hostnames using [API Shield](/api-shield/security/mtls/).
Expand Down
Expand Up @@ -107,7 +107,7 @@ Cloudflare Access automatically creates an Access application for each MCP serve
3. To configure identity providers for the portal:
1. Select the **Login methods** tab.
2. Select the [identity providers](/cloudflare-one/integrations/identity-providers/) that you want to enable for your application.
3. (Recommended) If you plan to only allow access via a single identity provider, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
3. (Recommended) If you plan to only allow access via a single identity provider, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
4. To customize the block page:
1. Select the **Experience settings** tab.
2. <Render file="access/access-block-page" product="cloudflare-one" />
Expand Down
Expand Up @@ -40,7 +40,7 @@ This feature replaces the legacy [private network app type](/cloudflare-one/acce
8. Configure how users will authenticate:

1. Select the [**Identity providers**](/cloudflare-one/integrations/identity-providers/) you want to enable for your application.
2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/applications/login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
2. (Recommended) If you plan to only allow access via a single IdP, turn on **Instant Auth**. End users will not be shown the [Cloudflare Access login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/). Instead, Cloudflare will redirect users directly to your SSO login event.
3. (Recommended) Turn on **WARP authentication identity** to allow users to authenticate to the application using their [WARP session identity](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). We recommend turning this on if your application is not in the browser and cannot handle a `302` redirect.

9. Select **Next**.
Expand Down
Expand Up @@ -152,7 +152,7 @@ Non-identity attributes are polled continuously, meaning they are-evaluated with
| Identity provider group | Checks the user groups configured with your identity provider (IdP). This selector only displays if you use Microsoft Entra ID, GitHub, Google, Okta, or an IdP that provisions groups with [SCIM](/cloudflare-one/team-and-resources/users/scim/). | ✅ | ❌ | ✅ |
| SAML Group | Checks a SAML attribute name / value pair. This selector only displays if you use a [generic SAML](/cloudflare-one/integrations/identity-providers/generic-saml/) identity provider. | ✅ | ❌ | ✅ |
| OIDC Claim | Checks an OIDC claim name / value pair. This selector only displays if you use a [generic OIDC](/cloudflare-one/integrations/identity-providers/generic-oidc/) identity provider. | ✅ | ❌ | ✅ |
| Device posture | Checks [device posture signals](/cloudflare-one/identity/devices/) from the WARP client or a third-party service provider. | ✅ | ✅ | ❌ |
| Device posture | Checks [device posture signals](/cloudflare-one/reusable-components/posture-checks/) from the WARP client or a third-party service provider. | ✅ | ✅ | ❌ |
| Warp | Checks that the device is connected to WARP, including the consumer version. | ✅ | ✅ | ❌ |
| Gateway | Checks that the device is connected to your Zero Trust instance through the [WARP client](/cloudflare-one/team-and-resources/devices/warp/). | ✅ | ✅ | ❌ |

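Review bot: the unchanged context carried in the hunk header reads `meaning they are-evaluated with`; that looks like `re-evaluated` with a stray hyphen, and since this file is already being touched it is cheap to fix in the same PR. The Device posture row change itself (`/cloudflare-one/identity/devices/` to `/cloudflare-one/reusable-components/posture-checks/`) matches the wildcard redirect added in `public/__redirects`, so nothing else is needed here.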
Expand Down
2 changes: 1 addition & 1 deletion src/content/docs/cloudflare-one/api-terraform/index.mdx
Expand Up @@ -2,7 +2,7 @@
pcx_content_type: navigation
title: API and Terraform
sidebar:
order: 11
order: 15
---

import { DirectoryListing, Render } from "~/components";
Expand Down
Expand Up @@ -8,7 +8,3 @@ sidebar:
import { Render } from "~/components";

<Render file="access/app-launcher" product="cloudflare-one" />

## Tags

<Render file="access/tags" product="cloudflare-one" />
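Review bot: the `## Tags` heading and its `<Render file="access/tags" product="cloudflare-one" />` are removed from the App Launcher page, but nothing in this diff shows the tags content landing on another page. If tags are meant to get their own entry under the new reusable-components section, that file should be part of this PR; if the `access/tags` partial is now unreferenced, delete it so it does not rot. Separately, any inbound links to this page's `#tags` anchor will now land on the page without that section, and the `__redirects` changes cannot help there because fragments never reach the server.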
Expand Up @@ -41,7 +41,7 @@ You can configure access on a per-user or group basis by adding [identity-based

Many Android applications (such as Google Drive) use <GlossaryTooltip term="certificate pinning" link="/ssl/reference/certificate-pinning/">certificate pinning</GlossaryTooltip>, which is incompatible with Gateway inspection. If needed, you can create a [Do Not Inspect policy](/cloudflare-one/traffic-policies/http-policies/#do-not-inspect) so that the app can continue to function on Android:

1. Set up an [OS version device posture check](/cloudflare-one/identity/devices/warp-client-checks/os-version/) that checks for the Android operating system.
1. Set up an [OS version device posture check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/os-version/) that checks for the Android operating system.

2. Create the following HTTP policy in Gateway:

Expand Down
2 changes: 1 addition & 1 deletion src/content/docs/cloudflare-one/faq/policies-faq.mdx
Expand Up @@ -59,7 +59,7 @@ If the domain is only blocked by a network policy, it may be because:

## When does Access return a Forbidden status page versus a login page?

Access returns a Forbidden page with status codes `401`/`403` when it determines there is no way a user can pass a [policy](/cloudflare-one/access-controls/policies/). If Cloudflare can make a full policy determination that a user will not be able to log in, Access will return a Forbidden page instead of a [login page](/cloudflare-one/applications/login-page/).
Access returns a Forbidden page with status codes `401`/`403` when it determines there is no way a user can pass a [policy](/cloudflare-one/access-controls/policies/). If Cloudflare can make a full policy determination that a user will not be able to log in, Access will return a Forbidden page instead of a [login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/).

For example, your application has a policy that requires a user to be in a [specific geolocation](/cloudflare-one/access-controls/policies/#allow) to log in.

Expand Down

This file was deleted.

Expand Up @@ -6,9 +6,9 @@ sidebar:

---

Posture logs show the [device posture check](/cloudflare-one/identity/devices/) results reported by the WARP client.
Posture logs show the [device posture check](/cloudflare-one/reusable-components/posture-checks/) results reported by the WARP client.

To view device posture logs, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Logs** > **Posture**. Logs will only display if you have configured [device posture checks](/cloudflare-one/identity/devices/) for your Zero Trust organization.
To view device posture logs, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Logs** > **Posture**. Logs will only display if you have configured [device posture checks](/cloudflare-one/reusable-components/posture-checks/) for your Zero Trust organization.

Enterprise users can generate more detailed logs with [Logpush](/cloudflare-one/insights/logs/logpush/).

Expand Down Expand Up @@ -36,8 +36,8 @@ Enterprise users can generate more detailed logs with [Logpush](/cloudflare-one/

| Field | Description |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name** | Name of the [device posture check](/cloudflare-one/identity/devices). |
| **Type** | Type of [WARP client check](/cloudflare-one/identity/devices/warp-client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). |
| **Name** | Name of the [device posture check](/cloudflare-one/reusable-components/posture-checks/). |
| **Type** | Type of [WARP client check](/cloudflare-one/reusable-components/posture-checks/warp-client-checks/) or [service provider check](/cloudflare-one/integrations/service-providers/). |
| **Rule ID** | UUID of the device posture check. |
| **Conditions met** | Whether the device passed or failed the posture check criteria. Evaluates to `true` if the **Received values** match the **Expected values**. |
| **Expected values** | Values required to pass the device posture check. |
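Review bot: the Name cell previously linked to `/cloudflare-one/identity/devices` with no trailing slash and the replacement adds one, which matches every other link in the file; good catch. The replacement Type cell is now longer than the dashed header row, so the column pipes no longer line up. That renders fine, but if this repo runs Prettier (or any Markdown formatter) in CI, re-pad the table so the check stays clean; the same applies to the service-providers table further down in this PR.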
Expand Down
Expand Up @@ -46,7 +46,7 @@ To establish a secure, outbound-only connection to Cloudflare:

## 4. (Recommended) Create a Gateway policy

You can configure [Gateway network policies](/cloudflare-one/traffic-policies/network-policies/) to either block or allow access to the gRPC server. The following example consists of two policies: the first allows gRPC connections from devices that pass [device posture checks](/cloudflare-one/identity/devices/), and the second blocks all other traffic. Make sure that the Allow policy has higher [priority](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence).
You can configure [Gateway network policies](/cloudflare-one/traffic-policies/network-policies/) to either block or allow access to the gRPC server. The following example consists of two policies: the first allows gRPC connections from devices that pass [device posture checks](/cloudflare-one/reusable-components/posture-checks/), and the second blocks all other traffic. Make sure that the Allow policy has higher [priority](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence).

### 1. Allow secured devices

Expand Down
@@ -1,8 +1,8 @@
---
pcx_content_type: how-to
title: Block page
title: Access custom block pages
sidebar:
order: 8
order: 4
---

import { Render } from "~/components";
Expand Down
@@ -1,8 +1,8 @@
---
pcx_content_type: how-to
title: Login page
title: Access login page
sidebar:
order: 7
order: 3
---

import { Render } from "~/components";
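Review bot: the two renamed titles are not parallel: the block page becomes `Access custom block pages` (plural, with "custom") while the login page becomes `Access login page` (singular, without), and the redirect targets added in `__redirects` are `access-block-page` and `access-login-page`. Suggest `Access block page`, or `Access custom login page` / `Access custom block page` for both, so the two entries under the new Custom pages group read consistently and match their slugs.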
Expand Down
@@ -0,0 +1,12 @@
---
pcx_content_type: navigation
title: Custom pages
sidebar:
order: 4
group:
hideIndex: true
---

import { DirectoryListing } from "~/components"

<DirectoryListing />
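Review bot: `import { DirectoryListing } from "~/components"` has no trailing semicolon, whereas the existing index touched in this PR uses `import { DirectoryListing, Render } from "~/components";`. Pick one style for the new navigation stubs (the formatter will otherwise flag the unterminated one). Frontmatter and body otherwise mirror the other `pcx_content_type: navigation` pages, so nothing else to change.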
12 changes: 12 additions & 0 deletions src/content/docs/cloudflare-one/reusable-components/index.mdx
@@ -0,0 +1,12 @@
---
pcx_content_type: navigation
title: Reusable components
sidebar:
order: 11
group:
hideIndex: true
---

import { DirectoryListing } from "~/components"

<DirectoryListing />
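Review bot: this new top-level section takes `order: 11`, the value that the `API and Terraform` page gives up (11 to 15) in the same PR, so the handover is clean. Check the rest of the cloudflare-one sidebar for another page already at 15, or between 11 and 15, so that `API and Terraform` lands in a deterministic slot rather than relying on tie-breaking.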
Expand Up @@ -10,5 +10,5 @@ These device posture checks can only be enforced for Cloudflare Access applicati
| Device posture check | macOS | Windows | Linux | iOS | Android/ChromeOS | [WARP mode](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-modes/) |
| ----------------------------------------------------------------------------------------------- | ----- | ------- | ----- | --- | ---------------- | ---------------------------------------------------------------------------------------- |
| [Microsoft Entra ID Conditional Access](/cloudflare-one/tutorials/entra-id-conditional-access/) | ✅ | ✅ | ❌ | ❌ | ❌ | WARP not required |
| [Mutual TLS](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/) | ✅ | ✅ | ✅ | ✅ | ✅ | WARP not required |
| [Tanium](/cloudflare-one/identity/devices/access-integrations/tanium/) | ✅ | ✅ | ✅ | ❌ | ❌ | Gateway with WARP, Secure Web Gateway without DNS filtering, or Device Information Only |
| [Mutual TLS](/cloudflare-one/reusable-components/posture-checks/access-integrations/mutual-tls-authentication/) | ✅ | ✅ | ✅ | ✅ | ✅ | WARP not required |
| [Tanium](/cloudflare-one/reusable-components/posture-checks/access-integrations/tanium/) | ✅ | ✅ | ✅ | ❌ | ❌ | Gateway with WARP, Secure Web Gateway without DNS filtering, or Device Information Only |
Expand Up @@ -30,7 +30,7 @@ The Tanium integration cannot be used with [Gateway device posture policies](/cl
product="cloudflare-one"
params={{
name: "Access integrations",
link: "/cloudflare-one/identity/devices/access-integrations/",
link: "/cloudflare-one/reusable-components/posture-checks/access-integrations/",
}}
/>

Expand Down