From 388b29ef872e651ed8342cee3dba52087a8f5dbe Mon Sep 17 00:00:00 2001 From: 4d62 Date: Tue, 21 Jan 2025 11:55:28 -0500 Subject: [PATCH] website/integrations: cloudflare-access: refactor (#12663) * website/integrations: cloudflare-access: rename A .mdx file is not needed for this integration. As a result, it has been renamed * website/integrations: cloudflare access: refactor main document * website/integrations: cloudflare-access: lint * Update website/integrations/services/cloudflare-access/index.md Co-authored-by: Tana M Berry Signed-off-by: 4d62 * website/integrations: all: install -> installation (#12676) * website/integrations: all: install -> installation * fix for new integr Signed-off-by: 4d62 --------- Signed-off-by: 4d62 * website/integrations: cloudflare-access: rename A .mdx file is not needed for this integration. As a result, it has been renamed --------- Signed-off-by: 4d62 Co-authored-by: Tana M Berry --- .../services/cloudflare-access/index.md | 44 ++++++++++++ .../services/cloudflare-access/index.mdx | 67 ------------------- 2 files changed, 44 insertions(+), 67 deletions(-) create mode 100644 website/integrations/services/cloudflare-access/index.md delete mode 100644 website/integrations/services/cloudflare-access/index.mdx diff --git a/website/integrations/services/cloudflare-access/index.md b/website/integrations/services/cloudflare-access/index.md new file mode 100644 index 0000000000..e7ac69399b --- /dev/null +++ b/website/integrations/services/cloudflare-access/index.md 
@@ -0,0 +1,44 @@ +--- +title: Integrate with Cloudflare Access +sidebar_label: Cloudflare Access +--- + +# Cloudflare Access + +Support level: Community + +## What is Cloudflare Access + +> Cloudflare Access is a secure, cloud-based zero-trust solution for managing and authenticating user access to internal applications and resources. +> +> -- https://www.cloudflare.com/zero-trust/products/access/ + +## Preparation + +The following placeholders are used in this guide: + +- `company.cloudflareaccess.com` is the FQDN of your Cloudflare Access subdomain. +- `authentik.company` is the FQDN of the authentik installation. + +To proceed, you need to register for a free Cloudflare Access account and have both a Cloudflare account and a publicly accessible authentik instance with a trusted SSL certificate. + +## authentik configuration + +1. From the Admin interface, navigate to **Applications** -> **Applications**. +2. Use the wizard to create a new application and provider. During this process: + - Note the **Client ID**, **Client Secret**, and **slug** values because they will be required later. + - Set a `Strict` redirect URI to `https://company.cloudflareaccess.com/cdn-cgi/access/callback`. + - Select any available signing key. + +## Cloudflare Access configuration + +1. Open the [Cloudflare Access dashboard](https://one.dash.cloudflare.com) and navigate to **Settings** -> **Authentication**. +2. Click **Login methods**, and then select **Add** -> **OpenID Connect**. +3. From the authentik provider you created earlier, copy the following details and paste them into the corresponding fields: + - **Client ID** -> App ID + - **Client Secret** -> Client Secret + - **Authorize URL** -> Auth URL + - **Token URL** -> Token URL + - **JWKS URL** -> Certificate URL +4. Click **Save**. +5. Click **Test** to verify the login provider. 
diff --git a/website/integrations/services/cloudflare-access/index.mdx b/website/integrations/services/cloudflare-access/index.mdx deleted file mode 100644 index 728c72bed3..0000000000 --- a/website/integrations/services/cloudflare-access/index.mdx +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -title: Integrate with Cloudflare Access -sidebar_label: Cloudflare Access ---- - -# Cloudflare Access - -Support level: Community - -## What is Cloudflare Access - -> Cloudflare Access is a secure, cloud-based zero-trust solution for managing and authenticating user access to internal applications and resources. -> -> -- https://www.cloudflare.com/zero-trust/products/access/ - -## Preparation - -The following placeholders are used in this guide: - -- `company.cloudflareaccess.com` is the FQDN of your Cloudflare Access subdomain. -- `authentik.company` is the FQDN of the authentik installation. - -To proceed, you need to register for a free Cloudflare Access account and have both a Cloudflare account and a publicly accessible authentik instance with a trusted SSL certificate. - -## authentik configuration - -### Step 1: Log in to authentik - -1. Log in to your authentik instance. -2. Click **Admin interface**. - -### Step 2: Create a new authentication provider - -3. Under **Application**, click **Providers** and create a new provider. -4. Choose **OAuth2/OpenID Provider** and then click **Next**. -5. Set the authorization flow to **Authorize Application** (`default-provider-authorization-explicit-consent`). -6. Set the client type to **Confidential**. -7. Set the redirect URI to `https://company.cloudflareaccess.com/cdn-cgi/access/callback`. -8. Ensure that the signing key is set to **Authentik Self-signed Certificate**. -9. Click **Finish** to create the provider. - -### Step 3: Create a new application - -10. Create a new application and give it a name. -11. Set the provider to the one you just created. -12. Ensure that the **Policy engine mode** is set to **ANY, any policy must match to grant access**. -13. Click **Create** and then navigate to your [Cloudflare Access dashboard](https://one.dash.cloudflare.com). - -## Cloudflare Access configuration - -### Step 4: Configure Cloudflare Access - -1. Go to the Cloudflare One dashboard. -2. 
Click **Settings** at the bottom of the menu, then select **Authentication**. - -### Step 5: Add a login method - -3. From **Login methods** click **Add** and select **OpenID Connect"** -4. Enter a name for your login method. This can be anything. -5. Copy the following details from the authentik provider settings you previously created and paste them into the text boxes: - - **Client ID** -> App ID - - **Client Secret** -> Client Secret - - **Authorize URL** -> Auth URL - - **Token URL** -> Token URL - - **JWKS URL** -> Certificate URL -6. Click **Save**. -7. Click **Test** to verify your login provider.
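Review bot: In the new `index.md`, step 2 under "authentik configuration" tells the reader to note the **slug**, and "Preparation" defines `authentik.company`, but neither is used anywhere afterwards: step 3 under "Cloudflare Access configuration" only says to copy the **Authorize URL**, **Token URL** and **JWKS URL** from the provider. Either spell those three URLs out in terms of `authentik.company` and the slug, or drop the slug from the values to note. The same step 2 also relies on a **Client Secret** without saying the client type must be **Confidential**, which the removed `index.mdx` stated explicitly; one extra bullet would cover it. The "Select any available signing key" bullet could also say why a key is required, since the **JWKS URL** is what gets pasted into Cloudflare's Certificate URL field in the next section.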
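Review bot: The removed `index.mdx` pinned two settings that have no counterpart in the replacement: step 5 (authorization flow `default-provider-authorization-explicit-consent`) and step 12 (**Policy engine mode** set to ANY). If the guide now relies on the wizard's defaults for these, say so in the new step 2 so readers know which consent flow and policy mode they end up with. Separately, the commit message describes a rename, but the diff records a `delete mode` plus a `create mode` with 67 deletions and 44 insertions, so it is not recorded as a rename here; landing the rename and the rewrite as separate commits would keep blame usable across the change.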