eliott/authentik
1
0
Fork 0
mirror of https://github.com/goauthentik/authentik synced 2026-04-27 18:07:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7fcfb7e67d5df3e8a8a5da170f18fa4c6b98731
authentik/website/integrations/platforms/cloudflare/index.md
Dominic R e056dbdadd website/docs, integrations: fix language (#20338)
2026-02-17 09:03:07 +00:00

95 lines
3.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: Integrate with Cloudflare
sidebar_label: Cloudflare
support_level: community
---
## What is Cloudflare
> Cloudflare is a global cloud services provider that enhances the security, performance, and reliability of websites and applications through its content delivery network (CDN), DDoS protection, and web infrastructure solutions.
>
> -- https://www.cloudflare.com/
## Preparation
The following placeholders are used in this guide:
- `acmecorp.company` is the FQDN of your company's email domain.
- `authentik.company` is the FQDN of the authentik installation.
:::info
This documentation lists only the settings that you need to change from their default values. Be aware that any changes other than those explicitly mentioned in this guide could cause issues accessing your application.
:::
:::warning Prerequisites
Before proceeding, ensure you have a Cloudflare account and that authentik is already configured with Cloudflare Access, following the steps in our [integration guide](../../security/cloudflare-access/index.md).
:::
## Cloudflare configuration
1. Log in to the [Cloudflare Dashboard](https://dash.cloudflare.com) as an administrator.
2. Navigate to **My account** (sidebar) > **Account API tokens** and click **Create**.
3. Under **Create Custom Token**, select **Get Started**. Add an `Account` permission with the `SSO Connector: Edit` scope. Store this token securely; you will need it throughout this guide, and it can also be used to disable SSO if you are locked out. Complete the process by selecting **Continue to Summary**, then **Create Token**.
4. Copy your Cloudflare Account ID from the dashboard URL. For example, in `https://dash.cloudflare.com/<account_id>/home/domains`, the `<account_id>` value is what you need.
5. Export the following environment variables in your terminal:
```sh
export CLOUDFLARE_API_TOKEN=<your_api_token>
export CLOUDFLARE_ACCOUNT_ID=<your_account_id>
```
6. Create the SSO connector with the following command:
```sh
curl "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/sso_connectors" \
--request POST \
--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
--json '{"email_domain":"acmecorp.company"}'
```
An example of a successful response:
```json
{
"result": {
"id": "<your_sso_connector_id>",
"enabled": false,
"email_domain": "acmecorp.company",
"created_on": "2025-09-25T21:05:20.462622Z",
"updated_on": "2025-09-25T21:05:20.462622Z",
"verification": {
"code": "cloudflare_dashboard_sso=11111111111111111111",
"status": "pending"
}
},
"success": true,
"errors": [],
"messages": []
}
```
7. Copy the `code` value and create a DNS TXT record containing it at the apex of your email domain.
8. Next, export your connector ID:
```sh
export CLOUDFLARE_SSO_CONNECTOR_ID=<your_sso_connector_id>
```
9. After the DNS record has propagated, enable the connector with the following command:
```sh
curl "https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/sso_connectors/$CLOUDFLARE_SSO_CONNECTOR_ID" \
--request PATCH \
--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
--json '{"enabled": true}'
```
## Configuration verification
To verify the integration, log in to your companys Cloudflare Access installation with authentik. A new application named **SSO App** should appear in the dashboard. Selecting it should redirect you to the Cloudflare Dashboard.
## Resources
- [Cloudflare Dashboard SSO Documentation](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/)
Reference in New Issue View Git Blame Copy Permalink