cloudflare · Oxyjun · Oct 28, 2025 · Oct 28, 2025
@@ -50,7 +50,7 @@ There are three ways you can resolve this error:
 
 You can configure Cloudflare to send OPTIONS requests directly to your origin server. To bypass Access for OPTIONS requests:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Applications**.
 2. Locate the origin that will be receiving OPTIONS requests and select **Configure**.
 3. Go to **Advanced settings** > **Cross-Origin Resource Sharing (CORS) settings**.
 4. Turn on **Bypass options requests to origin**. This will remove all existing CORS settings for this application.
@@ -63,7 +63,7 @@ You can configure Cloudflare to respond to the OPTIONS request on your behalf. T
 
 To configure how Cloudflare responds to preflight requests:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Applications**.
 
 2. Locate the origin that will be receiving OPTIONS requests and select **Configure**.
 
@@ -84,7 +84,7 @@ To configure how Cloudflare responds to preflight requests:
    ```
 
    then go to `api.mysite.com` in Access and configure **Access-Control-Allow-Origin**, **Access-Control-Allow-Credentials**, **Access-Control-Allow-Methods**, and **Access-Control-Allow-Headers**.
-   ![Example CORS settings configuration in Zero Trust](~/assets/images/cloudflare-one/policies/CORS-settings.png)
+   ![Example CORS settings configuration in Cloudflare One](~/assets/images/cloudflare-one/policies/CORS-settings.png)
 
 5. Select **Save application**.
 
@@ -130,9 +130,9 @@ Follow [these instructions](/cloudflare-one/access-controls/service-credentials/
 
 ### 2. Add a Service Auth policy
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Applications**.
 
-2. Find your `api.mysite.com` application and select **Edit**.
+2. Find your `api.mysite.com` application and select **Configure**.
 
 3. Select the **Policies** tab.
 

@@ -79,11 +79,11 @@ Cloudflare Access provides optional security settings that can be added to the b
 
 To enable these settings:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Applications**.
 
-2. Locate the application you would like to configure and select **Edit**.
+2. Locate the application you would like to configure and select **Configure**.
 
-3. Select **Settings** and scroll down to **Cookie settings**.
+3. Select **Advanced settings** and scroll down to **Cookie settings**.
 
 4. Configure the desired cookie settings.
 

@@ -13,7 +13,7 @@ Cloudflare signs the token with a key pair unique to your account. You should va
 
 ## Access signing keys
 
-The public key for the signing key pair is located at `https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/certs`, where `<your-team-name>` is your Zero Trust <GlossaryTooltip term="team name">team name</GlossaryTooltip>.
+The public key for the signing key pair is located at `https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/certs`, where `<your-team-name>` is your Cloudflare One <GlossaryTooltip term="team name">team name</GlossaryTooltip>.
 
 By default, Access rotates the signing key every 6 weeks. This means you will need to programmatically or manually update your keys as they rotate. Previous keys remain valid for 7 days after rotation to allow time for you to make the update.
 
@@ -96,7 +96,7 @@ Cloudflare Access assigns a unique AUD tag to each application. The `aud` claim
 
 To get the AUD tag:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Access** > **Applications**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Access controls** > **Applications**.
 2. Select **Configure** for your application.
 3. From the **Basic information** tab, copy the **Application Audience (AUD) Tag**.
 

@@ -12,7 +12,7 @@ import {
 	DashButton,
 } from "~/components";
 
-You can provide automated systems with service tokens to authenticate against your Zero Trust policies. Cloudflare Access will generate service tokens that consist of a Client ID and a Client Secret. Automated systems or applications can then use these values to reach an application protected by Access.
+You can provide automated systems with service tokens to authenticate against your Cloudflare One policies. Cloudflare Access will generate service tokens that consist of a Client ID and a Client Secret. Automated systems or applications can then use these values to reach an application protected by Access.
 
 This section covers how to create, renew, and revoke a service token.
 
@@ -98,7 +98,7 @@ Service tokens expire according to the token duration you selected when you crea
 
 To renew the service token:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Service auth** > **Service Tokens**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Service credentials** > **Service Tokens**.
 2. Locate the token you want to renew.
 3. To extend the token's lifetime by one year, select **Refresh**.
 4. To extend the token's lifetime by more than a year:
@@ -110,7 +110,7 @@ To renew the service token:
 
 If you need to revoke access before the token expires, simply delete the token.
 
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Service auth** > **Service Tokens**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com), go to **Access controls** > **Service credentials** > **Service Tokens**.
 2. **Delete** the token you need to revoke.
 
 Services that rely on a deleted service token can no longer reach your application.

@@ -7,23 +7,23 @@ sidebar:
 
 import { DirectoryListing, Render } from "~/components";
 
-This section covers a few common use cases with the API and Terraform to manage Cloudflare Zero Trust. For more information, refer to our [API documentation](/api/) and [Terraform reference guide](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs).
+This section covers a few common use cases with the API and Terraform to manage Cloudflare One. For more information, refer to our [API documentation](/api/) and [Terraform reference guide](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs).
 
 <DirectoryListing />
 
 ## Set dashboard to read-only
 
-Super Administrators can lock all settings as read-only in Zero Trust. Read-only mode ensures that all updates for the account are made through the API or Terraform.
+Super Administrators can lock all settings as read-only in Cloudflare One. Read-only mode ensures that all updates for the account are made through the API or Terraform.
 
 To enable read-only mode:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Account**.
-2. Enable **API/Terraform read-only mode**.
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Settings** > **Admin controls**.
+2. Enable **Set dashboard to read-only**.
 
 All users, regardless of [user permissions](/cloudflare-one/roles-permissions/), will be prevented from making configuration changes through the UI.
 
 ## Scoped API tokens
 
-The administrators managing policies and groups in Cloudflare Zero Trust might be different from those responsible for configuring WAF custom rules or other Cloudflare settings. You can configure scoped API tokens so that team members and automated systems can manage Zero Trust settings without having permission to modify other configurations in Cloudflare.
+The administrators managing policies and groups in Cloudflare One might be different from those responsible for configuring WAF custom rules or other Cloudflare settings. You can configure scoped API tokens so that team members and automated systems can manage Cloudflare One settings without having permission to modify other configurations in Cloudflare.
 
 You can create a scoped API token [via the dashboard](/fundamentals/api/get-started/create-token/) or [via the API](/fundamentals/api/how-to/create-via-api/). For a list of available token permissions, refer to [API token permissions](/fundamentals/api/reference/permissions/).
@@ -7,6 +7,6 @@ sidebar:
 
 import { Glossary, Render } from "~/components";
 
-Review definitions for Cloudflare Zero Trust terms.
+Review definitions for Cloudflare One terms.
 
 <Glossary product="cloudflare-one" />
@@ -7,7 +7,7 @@ sidebar:
 
 import { Render } from "~/components";
 
-This guide covers the recommended steps to start securing your users and devices with Cloudflare Zero Trust.
+This guide covers the recommended steps to start securing your users and devices with Cloudflare One.
 
 :::note
 
@@ -18,26 +18,26 @@ To get started with a specific use case, refer to our [implementation guides](/c
 
 Sign up for a [Cloudflare account](https://dash.cloudflare.com/sign-up).
 
-## Create a Zero Trust organization
+## Create a Cloudflare One organization
 
 <Render file="choose-team-name" product="cloudflare-one" />
 
-Welcome to Cloudflare Zero Trust! You can now explore a list of one-click actions we have designed to help you kickstart your Zero Trust experience.
+Welcome to Cloudflare One! You can now explore a list of one-click actions we have designed to help you kickstart your Cloudflare One experience.
 
 ## Install the WARP client on your devices
 
 If you want to enable security features such as Browser Isolation, HTTP filtering, AV scanning, and device posture, or connect networks to Cloudflare, here are the next steps you need to take:
 
-1. **Set up a login method.** Configure [One-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/integrations/identity-providers/) in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Zero Trust setup.
+1. **Set up a login method.** Configure [One-time PIN](/cloudflare-one/integrations/identity-providers/one-time-pin/) or connect a [third-party identity provider](/cloudflare-one/integrations/identity-providers/) in Cloudflare One. This is the login method your users will utilize when authenticating to add a new device to your Cloudflare One setup.
 
-2. **Next, define [device enrollment permissions](/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment/)**. Create device enrollment rules to define which users in your organization should be able to connect devices to your organization's Zero Trust setup. As you create your rule, you will be asked to select which login method you would like users to authenticate with.
+2. **Next, define [device enrollment permissions](/cloudflare-one/team-and-resources/devices/warp/deployment/device-enrollment/)**. Create device enrollment rules to define which users in your organization should be able to connect devices to your organization's Cloudflare One setup. As you create your rule, you will be asked to select which login method you would like users to authenticate with.
 
 3. **Install the [Cloudflare root certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/) on your devices.** Advanced security features including HTTP traffic inspection require users to install and trust the Cloudflare root certificate on their machine or device. If you are installing certificates manually on all your devices, these steps will need to be performed on each new device that is to be subject to HTTP filtering.
 
 4. **[Download](/cloudflare-one/team-and-resources/devices/warp/download-warp/) and deploy the WARP client to your devices**. Choose one of the [different ways](/cloudflare-one/team-and-resources/devices/warp/deployment/) to deploy the WARP client, depending on what works best for your organization.
 
-5. **Log in to your organization's Cloudflare Zero Trust instance from your devices**. On your device, go to the Settings section in the WARP client and insert your organization's team name.
+5. **Log in to your organization's Cloudflare One instance from your devices**. On your device, go to the Settings section in the WARP client and insert your organization's team name.
 
-Your devices are now connected to Cloudflare Zero Trust through the WARP client. You can go to **My Team** > **Devices** to find a list of your enrolled devices, when they were last seen, and the WARP client version they are running.
+Your devices are now connected to Cloudflare One through the WARP client. You can go to **Team & Resources** > **Devices** to find a list of your enrolled devices, when they were last seen, and the WARP client version they are running.
 
 Next, [enforce security policies](/cloudflare-one/traffic-policies/) on your traffic and access requests.
@@ -7,9 +7,9 @@ sidebar:
 
 import { Render, GlossaryTooltip } from "~/components";
 
-The Application Library allows users to manage their SaaS applications in Cloudflare Zero Trust by consolidating views across all relevant products: [Gateway](/cloudflare-one/traffic-policies/), [Access](/cloudflare-one/access-controls/policies/), and [Cloud Access Security Broker (CASB)](/cloudflare-one/integrations/cloud-and-saas/). The App Library provides visibility and control for available applications, as well as the ability to view categorized hostnames and manage configuration for Access for SaaS and Gateway policies. For example, you can use the App Library to review how Gateway uses specific hostnames to match against application traffic.
+The Application Library allows users to manage their SaaS applications in Cloudflare One by consolidating views across all relevant products: [Gateway](/cloudflare-one/traffic-policies/), [Access](/cloudflare-one/access-controls/policies/), and [Cloud Access Security Broker (CASB)](/cloudflare-one/integrations/cloud-and-saas/). The App Library provides visibility and control for available applications, as well as the ability to view categorized hostnames and manage configuration for Access for SaaS and Gateway policies. For example, you can use the App Library to review how Gateway uses specific hostnames to match against application traffic.
 
-To access the App Library in [Zero Trust](https://one.dash.cloudflare.com/), go to **My team** > **App Library**. Each application card will list the number of hostnames associated with the application, the supported Zero Trust product usage, and the [app type](/cloudflare-one/traffic-policies/application-app-types/#app-types).
+To access the App Library in [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Application library**. Each application card will list the number of hostnames associated with the application, the supported Cloudflare One product usage, and the [app type](/cloudflare-one/traffic-policies/application-app-types/#app-types).
 
 The App Library groups [Do Not Inspect applications](/cloudflare-one/traffic-policies/application-app-types/#do-not-inspect-applications) within the corresponding application. For example, the App Library will group _Google Drive (Do Not Inspect)_ under **Google Drive**. Traffic that does not match a known application will not be included in the App Library.
 
@@ -25,7 +25,7 @@ The **Overview** tab shows details about an application, including:
 - Shadow IT [review status](#review-applications)
 - Number of hostnames
 - [App type](/cloudflare-one/traffic-policies/application-app-types/#app-types)
-- Supported Zero Trust applications
+- Supported Cloudflare One applications
 - Application ID for use with the API and Terraform
 
 ### Findings
@@ -40,7 +40,7 @@ The **Policies** tab shows any [Gateway](/cloudflare-one/traffic-policies/) and
 
 The **Usage** tab shows any logs for [Gateway traffic requests](/cloudflare-one/insights/logs/gateway-logs/), [Access authentication events](/cloudflare-one/insights/logs/audit-logs/#authentication-logs), [Shadow IT Discovery user sessions](/cloudflare-one/insights/analytics/shadow-it-discovery/), and [generative AI prompt logs](/cloudflare-one/data-loss-prevention/dlp-policies/logging-options/#view-prompt-logs) sent to the selected application. This section requires logs to be turned on for each feature.
 
-The Shadow IT Discovery dashboard will provide more details for discovered applications. To access Shadow IT Discovery in [Zero Trust](https://one.dash.cloudflare.com/), go to **Analytics**, then select **Shadow IT Discovery**.
+The Shadow IT Discovery dashboard will provide more details for discovered applications. To access Shadow IT Discovery in [Cloudflare One](https://one.dash.cloudflare.com/), go to **Insights** > **Dashboards**, then select **Shadow IT: SaaS analytics** or **Shadow IT: Private Network analytics**.
 
 ## Review applications
 
@@ -56,7 +56,7 @@ The scoring system evaluates applications across multiple security, compliance,
 
 To view an application's confidence scorecard:
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **My team** > **App Library**
+1. In [Cloudflare One](https://one.dash.cloudflare.com/), go to **Team & Resources** > **Application library**
 2. Find the application you would like to review or search it by name.
 3. Review the Application Posture Score and the Generative AI Posture Score which are generated on the application card.