cloudflare · Oxyjun · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025
@@ -7,4 +7,4 @@ Under **Block page**, choose what end users will see when they are denied access
 
 * **Cloudflare default**: Reload the [login page](/cloudflare-one/reusable-components/custom-pages/access-login-page/) and display a block message below the Cloudflare Access logo. The default message is `That account does not have access`, or you can enter a custom message.
 * **Redirect URL**: Redirect to the specified website.
-* **Custom page template**: Display a [custom block page](/cloudflare-one/reusable-components/custom-pages/access-block-page/) hosted in Zero Trust.
+* **Custom page template**: Display a [custom block page](/cloudflare-one/reusable-components/custom-pages/access-block-page/) hosted in Cloudflare One.
@@ -13,7 +13,7 @@ import {
 <Tabs syncKey="dashPlusAPI">
 <TabItem label="Dashboard">
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Applications**.
 2. Select **Add an application**.
 3. Select **Infrastructure**.
 4. Enter any name for the application.

@@ -3,7 +3,7 @@ params:
   - product
 ---
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Service auth** > **Mutual TLS**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Service credentials** > **Mutual TLS**.
 
 2. Select **Add mTLS Certificate**.
 

@@ -16,7 +16,7 @@ To create a new target:</p>) :
 
 <Tabs syncKey="dashPlusAPI">
 <TabItem label="Dashboard">
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Targets**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Targets**.
 2. Select **Add a target**.
 3. In **Target hostname**, enter a user-friendly name for the <GlossaryTooltip term="target">target</GlossaryTooltip>. We recommend using the server hostname, for example `production-server`. The target hostname does not need to be unique and can be reused for multiple targets. Hostnames are used to define the targets secured by an Access application; they are not used for DNS address resolution.
 	<Details header="Hostname format restrictions">

@@ -18,25 +18,25 @@ By default, the App Launcher is disabled. To enable it, you must configure a pol
 
 To enable the App Launcher:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Access settings**.
 
-2. Under the **App Launcher** card, select **Manage**.
+2. Under the **Manage your App Launcher** card, select **Manage**.
 
-3. On the **Rules** tab, [build a rule](/cloudflare-one/access-controls/policies/) to define who can access your App Launcher portal. These rules do not impact permissions for the applications secured behind Access.
+3. On the **Policies** tab, [build a policy](/cloudflare-one/access-controls/policies/) to define who can access your App Launcher portal. These rules do not impact permissions for the applications secured behind Access.
 
 4. On the **Authentication** tab, choose the identity providers users can authenticate with.
 
 5. Select **Save**.
 
-The App Launcher is now available at `<your-team-name>.cloudflareaccess.com`. You can always edit your App Launcher rules by going to **Settings** > **Authentication**.
+The App Launcher is now available at `<your-team-name>.cloudflareaccess.com`. You can always edit your App Launcher rules by going to **Access controls** > **Access settings**.
 
 ## Add a tile to the App Launcher
 
-Tiles have a one-to-one relationship with each application you create in Access. The tile names displayed in the Access App Launcher portal correspond to the application names listed under **Access** > **Applications**. For example, if you create one application for general access to your Jira deployment and a separate application that restricts requests to a particular Jira path, a user authorized for both will see separate tiles for each. If you add multiple hostnames to a single application, the user will only see the domain selected in the application's **App Launcher** settings.
+Tiles have a one-to-one relationship with each application you create in Access. The tile names displayed in the Access App Launcher portal correspond to the application names listed under **Access controls** > **Applications**. For example, if you create one application for general access to your Jira deployment and a separate application that restricts requests to a particular Jira path, a user authorized for both will see separate tiles for each. If you add multiple hostnames to a single application, the user will only see the domain selected in the application's **App Launcher** settings.
 
 To show an Access application in the App Launcher:
 
-1.  In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications**.
+1.  In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Applications**.
 2.  Select an application and select **Configure**.
 3.  Go to **Experience settings**.
 4.  Select **Show application in App Launcher**. The App Launcher link will only appear for users who are allowed by your Access policies. Blocked users will not see the app in their App Launcher.
@@ -67,7 +67,7 @@ You can display your own branding, messages, and links to users when they open t
 
 To customize the App Launcher appearance:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Custom Pages**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Reusable components** > **Custom Pages**.
 2. Find the **Customize App Launcher** setting and select **Customize**.
 3. Give the App Launcher the look and feel of your organization by adding:
    - Your organization's name

@@ -31,7 +31,7 @@ Only available on Pay-as-you-go and Enterprise plans.
 
 To create a custom block page for Access:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Custom Pages**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Reusable components** > **Custom Pages**.
 
 2. Find the **Access Custom Pages** setting and select **Manage**.
 

@@ -3,11 +3,11 @@
 
 ---
 
-With Cloudflare Zero Trust, you can show applications on the [App Launcher](/cloudflare-one/access-controls/access-settings/app-launcher/) even if those applications are not secured behind Access. This way, users can access all the applications they need to work, all in one place — regardless of whether those applications are protected by Access.
+With Cloudflare One, you can show applications on the [App Launcher](/cloudflare-one/access-controls/access-settings/app-launcher/) even if those applications are not secured behind Access. This way, users can access all the applications they need to work, all in one place — regardless of whether those applications are protected by Access.
 
 Links to applications not protected by Access can be added as bookmarks. To add a bookmark:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Applications**.
 
 2. Select **Add an application** > **Bookmark**.
 

@@ -7,7 +7,7 @@ import { Tabs, TabItem, Details, APIRequest } from '~/components';
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Service Auth** > **Service Tokens**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Service credentials** > **Service Tokens**.
 
 2. Select **Create Service Token**.
 

@@ -6,7 +6,7 @@ import { Render } from "~/components";
 
 <Render file="clientless-browser-isolation" product="cloudflare-one" />
 
-3. Go to **Access** > **Applications**.
+3. Go to **Access controls** > **Applications**.
 4. Choose a [self-hosted application](/cloudflare-one/access-controls/applications/http-apps/self-hosted-public-app/) and select **Configure**.
 5. Go to **Policies**.
 6. Choose an [Allow policy](/cloudflare-one/access-controls/policies/) and select **Configure**.

@@ -6,7 +6,7 @@ params:
 
 import { Markdown } from "~/components"
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Integrations** > **Identity providers**.
 
 2. Find the {props.idp} integration and select **Edit**.
 
@@ -15,8 +15,8 @@ import { Markdown } from "~/components"
 4. (Optional) Configure the following settings:
 
 * **Enable user deprovisioning**: [Revoke a user's active session](/cloudflare-one/access-controls/access-settings/session-management/#per-user) when they are removed from the SCIM application in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/).
-* **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/team-and-resources/users/seat-management/) from your Zero Trust account when they are removed from the SCIM application in {props.idp}.
-* **SCIM identity update behavior**: Choose what happens in Zero Trust when the user's identity updates in {props.idp}.
+* **Remove user seat on deprovision**: [Remove a user's seat](/cloudflare-one/team-and-resources/users/seat-management/) from your Cloudflare One account when they are removed from the SCIM application in {props.idp}.
+* **SCIM identity update behavior**: Choose what happens in Cloudflare One when the user's identity updates in {props.idp}.
 	- _Automatic identity updates_: Automatically update the [User Registry identity](/cloudflare-one/insights/logs/users/) when {props.idp} sends an updated identity or group membership through SCIM. This identity is used for Gateway policies and WARP [device profiles](/cloudflare-one/team-and-resources/devices/warp/configure-warp/device-profiles/); Access will read the user's updated identity when they reauthenticate.
 	- _Group membership change reauthentication_: [Revoke a user's active session](/cloudflare-one/access-controls/access-settings/session-management/#per-user) when their group membership changes in {props.idp}. This will invalidate all active Access sessions and prompt for reauthentication for any [WARP session policies](/cloudflare-one/team-and-resources/devices/warp/configure-warp/warp-sessions/). Access will read the user's updated group membership when they reauthenticate.
 	- _No action_: Update the user's identity the next time they reauthenticate to Access or WARP.

@@ -6,9 +6,9 @@ import {Render, Tabs, TabItem} from "~/components"
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Integrations** > **Identity providers**.
 
-2. In the **Login methods** card, select **Add new**.
+2. In the **Your identity providers** card, select **Add new identity provider**.
 
 3. Select the identity provider you want to add.
 
@@ -25,7 +25,7 @@ import {Render, Tabs, TabItem} from "~/components"
 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/api_token):
 	- `Access: Organizations, Identity Providers, and Groups Write`
 
-2. Add an identity provider to Zero Trust using the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource. For example, to add a Microsoft Entra ID integration:
+2. Add an identity provider to Cloudflare One using the [`cloudflare_zero_trust_access_identity_provider`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/zero_trust_access_identity_provider) resource. For example, to add a Microsoft Entra ID integration:
 
 		<Render file="access/entra-id-terraform" product="cloudflare-one" />
 

@@ -5,9 +5,9 @@
 
 To change the appearance of your login page:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Custom Pages**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Reusable components** > **Custom pages**.
 
-2. Find the **Login page** setting and select **Customize**.
+2. Find the **Access login page** setting and select **Manage**.
 
 3. Give the login page the look and feel of your organization by adding:
 

@@ -4,9 +4,9 @@
 
 import {} from "~/components"
 
-11. In [Zero Trust](https://one.dash.cloudflare.com), go to **Settings** > **Authentication**.
+11. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Integrations** > **Identity providers**.
 
-12. Under **Login methods**, select **Add new**. Select **Okta** as your identity provider.
+12. Under **Your identity providers**, select **Add new identity provider**. Select **Okta** as your identity provider.
 
 13. Fill in the following information:
     - **Name**: Name your identity provider.

@@ -8,7 +8,7 @@ To create an Access rule group:
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Rule groups**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Policies**, and select the **Rule groups** tab.
 2. Select **Add a group**.
 3. Enter a name for the group (for example, `Lisbon-team`).
 4. Specify as many rules as needed to define your user group. For example, the following rules define a team based in Lisbon, Portugal:

@@ -6,8 +6,8 @@ inputParameters: uiLocation;;stepIntro
 1. In Miro, select your profile picture > **Settings** > <strong>{props.one}</strong>.
 2. Turn on **SSO/SAML**.
 3. Fill in the following fields:
-   * **SAML Sign-in URL**: SSO endpoint from application configuration in Cloudflare Zero Trust
-   * **Key x509 Certificate**: Public key from application configuration in Cloudflare Zero Trust
+   * **SAML Sign-in URL**: SSO endpoint from application configuration in Cloudflare One
+   * **Key x509 Certificate**: Public key from application configuration in Cloudflare One
 4. In **Domain**, enter the domain you want to configure SSO for and select **Enter**.
 5. {props.two} an email address from that domain and select **send verification**.
 6. Once you receive a verification email, select the link in the email, then select **Save**. When the domain is successfully configured, the **VERIFY EMAIL** label next to the domain in the SSO/SAML configuration page will disappear.

@@ -6,7 +6,7 @@ params:
 
 import { Render } from "~/components"
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Applications**.
 
 2. Select **Add an application**.
 

@@ -9,8 +9,8 @@ You can label an Access application with up to 25 custom tags. End users can the
 
 To create a new tag:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Tags**.
-2. Select **Add tags**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Reusable components** > **Tags**.
+2. Select **Add a tag**.
 3. Enter up to 35 alphanumeric characters for the tag (for example, `Human Resources`) and select it in the dropdown menu.
 4. Select **Save**.
 
@@ -20,7 +20,7 @@ You can now [add this tag](#tag-an-access-application) to an Access application.
 
 To add a tag to an existing Access application:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Applications**.
 2. Select an application and select **Configure**.
 3. Go to **Experience settings**.
 4. In the **Tags** dropdown, select the tags that you would like to assign to this application. The tag must be [created](#create-a-tag) before you can select it in the dropdown.

@@ -4,6 +4,6 @@
 
 import { Render } from "~/components";
 
-To check if user identities were updated in Zero Trust, view your [SCIM provisioning logs](/cloudflare-one/insights/logs/scim-logs/).
+To check if user identities were updated in Cloudflare One, view your [SCIM provisioning logs](/cloudflare-one/insights/logs/scim-logs/).
 
 <Render file="access/scim-requires-login" product="cloudflare-one" />
@@ -15,7 +15,7 @@ To organize applications into their approval status for your organization, you c
 
 To set the status of an application:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **My team** > **App Library**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Applications**.
 2. Locate the card for the application.
 3. In the three-dot menu, select the option to mark your desired status.
 

@@ -4,7 +4,7 @@
 
 To connect a compute account to your AWS integration:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Integrations**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** > **Integrations**.
 2. Find and select your AWS integration.
 3. Select **Open connection instructions**.
 4. Follow the instructions provided to connect a new compute account.

@@ -10,7 +10,7 @@ Before you can integrate a SaaS application or cloud environment with CASB, your
 
 ### Add an integration
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **CASB** > **Integrations**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Cloud & SaaS findings** > **Integrations**.
 2. Select **Connect an integration** or **Add integration**.
 3. Browse the available integrations and select the application you would like to add.
 4. Follow the step-by-step integration instructions in the UI.
@@ -22,7 +22,7 @@ Once CASB detects at least one finding, you can [view and manage your findings](
 
 ### Pause an integration
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **CASB** > **Integrations**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Cloud & SaaS findings** > **Integrations**.
 2. Find the integration you would like to pause and select **Configure**.
 3. To stop scanning the application, turn off **Scan for findings**.
 4. Select **Save integration**.
@@ -35,7 +35,7 @@ You can resume CASB scanning at any time by turning on **Scan for findings**.
 When you delete an integration, all keys and OAuth data will be deleted. This means you cannot restore a deleted integration or its scanned data.
 :::
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **CASB** > **Integrations**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Cloud & SaaS findings** > **Integrations**.
 2. Find the integration you would like to delete and select **Configure**.
 3. Select **Disenroll**.
 

@@ -1,6 +1,6 @@
 import { GlossaryTooltip, DashButton } from "~/components";
 
-1. In the [Cloudflare dashboard](https://dash.cloudflare.com/), select **Zero Trust**.
+1. In the [Cloudflare dashboard](https://dash.cloudflare.com/), select **Cloudflare One**.
 
    <DashButton url="https://one.dash.cloudflare.com" />
 

@@ -3,5 +3,6 @@
 
 ---
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Browser Isolation**.
-2. Enable **Clientless Web Isolation**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Browser isolation** > **Browser isolation settings**.
+2. Under **Manage remote browser permissions**, select **Manage**.
+3. Enable **Clientless Web Isolation**.
@@ -4,7 +4,7 @@
 
 import { Details } from "~/components";
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Data loss prevention** > **DLP profiles**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Data loss prevention** > **Profiles**.
 
 2. Select **Create profile**.
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,7 +3,7 @@ params: @@
       - product
     ---
-. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Service auth** > **Mutual TLS**.
+. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Service credentials** > **Mutual TLS**.
 . Select **Add mTLS Certificate**.
@@ Expand Down @@