AccessIdentityProviderConfigArgs

Your companies TLD

A list of SAML attribute names that will be added to your signed JWT token and can be used in SAML policy rules.

Your okta authorization server id

The authorization_endpoint URL of your IdP

Your centrify account url

Your centrify app id

The jwks_uri endpoint of your IdP to allow the IdP keys to sign the tokens

Custom claims

Your OAuth Client ID

Your OAuth Client Secret

Should Cloudflare try to load authentication contexts from your account

Your Azure directory uuid

The attribute name for email in the SAML response.

The claim name for email in the id_token response.

Add a list of attribute names that will be returned in the response header from the Access callback.

X509 certificate to verify the signature in the SAML authentication response

IdP Entity ID or Issuer URL

Your okta account url

Your OneLogin account url

Your PingOne environment identifier

Enable Proof Key for Code Exchange (PKCE)

Indicates the type of user interaction that is required. prompt=login forces the user to enter their credentials on that request, negating single-sign on. prompt=none is the opposite. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interactionrequired error. prompt=selectaccount interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether. Available values: "login", "select_account", "none".

OAuth scopes

Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.

URL to send the SAML authentication requests to

Should Cloudflare try to load groups from your account

The token_endpoint URL of your IdP