Authenticate with Azure AD
This step needs only to be added if the website should be protected with login and authenticate against the Azure AD.
Azure AD must be activated as an Identity Provider in the cloudflare account, see Azure AD as an identity provider.
- Log in to the Azure portal and select Azure Active Directory.
- Select Group.
- Select New Group.
- Chose the Group type* security.
- Enter a Gropu name and Description.
- Chose members
- Click Create.
- Copy the Object id for further use.
- Log in to the Cloudflare dashboard and select your account.
- In Account Home, select Worker & Pages > Owerview.
- select the appropriate page.
- Select Settings and then activate Enable access poliy in the section Access policy.
- Click on Manage Policies.
- Chose the Application and click Configure.
- Click on D and follow step 9 in the next section.
- …
To add authentication
- Log in to the Cloudflare dashboard and select your account.
- In Account Home, select Zero Trust.
- In AZero Trust, select Access > Applications.
- Select Add an application.
- Select Self-hosted
- Enter an application name.
- Select the domain which to add authentication and if necessary a subdomain.
- Keep Enable App in App Launcher active.
- Deactivate Accept all available identity providers.
- Select Azure AD.
- Deselect others.
- Activate Skip identity provider selection if only one is configured.
- Klick Next button.
- Enter a Policy name e.g. “Allow Members - Cloudflare Pages”.
- Chose Allow for Action.
- Chose Same as application session timeout for Session duration.
- In Configure rules chose Azure Group as selector and enter the Azure Group id (Object id).
- Click Next
- Click Add application