Cloudflare Access: Identity and Access Management

Secure Application Access Without a VPN

Secure, authenticate, and monitor user access to any domain, application, or path on Cloudflare.

Quickly apply application-level user access permissions using existing single sign-on providers.

Ensure compliance using real-time access logs available in the dashboard, API, or using a SIEM.

Already a customer? Activate Today

access illustration v2

Enforcing Granular User Access to Internal Applications

Securing internal applications for remote employees and contractors is:

  • Cumbersome to deploy and maintain
  • Missing granular access controls
  • Slow for users on mobile devices

Cloudflare Access improves security, reduces costs, and protects internal resources by securing, authenticating, and monitoring access per-user and by application. Setup access policies in minutes to ensure that only authenticated users with the required permissions are able to access specific resources.

access user access control

Control User Access to Applications

Enforce access to specific applications on a per-user basis with easy-to-create and manage rules. Adding and removing access to applications doesn’t require adding one-off groups or creating extra user accounts. Easily change access policies from the dashboard or API.

access sso desktop

Deploy and Manage Access Control Quickly

Leverage existing identity providers and authenticate on the Cloudflare global network. Maintaining multiple or shared user accounts to internal resources is no longer necessary. Identity providers include: Google™, G Suite™, Github™, Okta™, Facebook™, and more...

Full provider list

Screen Shot 2019 07 26 at 11

Monitor User Access and Change Logs

View and search real-time access logs in the dashboard or integrate with a third party SIEM. Have full visibility into: recent logins, access requests, and policy changes. Search for and expand logs directly in the dashboard to see affected users, associated IPs, domains, actions taken, and timestamps.

Easy internal application access via mobile device.

Deliver Fast Applications to Devices Anywhere

Users get easy, secure, and fast access to internal applications wherever they are, from whatever device. Cloudflare's global network accelerates applications while also doing away with additional latency and the unnecessary authentication hassles of VPNs.

Audit and compliance logs 2x

Request Level Logging For Audit And Compliance

Log every request made to a resource behind Cloudflare Access and attribute it to the authenticated user. Monitor and log user sessions as they navigate through an application, and export these logs to your SIEM with Cloudflare Logpush. Currently available for Enterprise customers.

Key Features

Flexible Session Durations

Flexible Session Durations

Revocable Session Tokens

Revocable Session Tokens

Support for Multiple Subdomains

Support for Multiple Subdomains

Origin Hiding with <a href='/products/argo-tunnel/' class='link--bolder'>Argo Tunnel</a>

Origin Hiding with Argo Tunnel

Customizable Login Page Branding

Customizable Login Page Branding

Searchable and Detailed Audit Logs

Searchable and Detailed Audit Logs

Dynamic Content Acceleration with <a href='/argo/' class='link--bolder'>Argo</a>

Dynamic Content Acceleration with Argo

Static Content Caching

Static Content Caching

Integrated <a href='/waf/' class='link--bolder'>WAF</a> and <a href='/rate-limiting/' class='link--bolder'>Rate Limiting</a>

Integrated WAF and Rate Limiting

<a href='/ddos/' class='link--bolder'>DDoS</a> Protection

DDoS Protection

Supports nested groups of users

Supports nested groups of users

Supports whitelisting of external services

Supports whitelisting of external services

Supports IP address ranges

Supports IP address ranges

Support for server access over <a href='https://blog.cloudflare.com/releasing-the-cloudflare-access-feature-that-let-us-smash-a-vpn-on-stage/' class='link--bolder'>SSH (Secure Shell)</a>

Support for server access over SSH (Secure Shell)

Enables a secure, Zero Trust command line (CLI) authentication to APIs

Enables a secure, Zero Trust command line (CLI) authentication to APIs

Credentials for automated services with Access service tokens.

Credentials for automated services with Access service tokens.

"Cloudflare Access is helping 23andMe access our internal applications securely from any device at any time without the need for VPN."
Arnold de Leon
SRE Manager at 23andMe

Pricing for Cloudflare Access

Access pricing is based on the number of users and the choice of identity provider (IdP). There are two plans: Basic and Premium. The basic plan offers support for social IdPs such as Facebook or Google whereas the Premium plan offers support for enterprise IdPs such as Okta, and G-suite. A complete list of features by plan as well as answers to frequently asked questions can be seen here.

Your Access plan is shared across zones in your account. You should purchase the number of seats you expect to need for all zones. The Access pricing calculator will help you estimate your price and select your plan based on the identity provider/s you need and the number of seats you expect to use.