import{_ as e,c as a,o as i,a4 as t}from"./chunks/framework.BmdFiWrL.js";const f=JSON.parse('{"title":"Cloudflare Access OAuth2 Configuration","description":"","frontmatter":{},"headers":[],"relativePath":"en_US/guide/q8.md","filePath":"en_US/guide/q8.md","lastUpdated":1720539149000}'),o={name:"en_US/guide/q8.md"},c=t(`<h1 id="cloudflare-access-oauth2-configuration" tabindex="-1">Cloudflare Access OAuth2 Configuration <a class="header-anchor" href="#cloudflare-access-oauth2-configuration" aria-label="Permalink to &quot;Cloudflare Access OAuth2 Configuration&quot;">​</a></h1><p>If you encounter issues logging in as an administrator using Github, Gitlab, or Gitee, you may consider switching to Cloudflare Access as the OAuth2 provider.</p><h2 id="example-configuration" tabindex="-1">Example Configuration: <a class="header-anchor" href="#example-configuration" aria-label="Permalink to &quot;Example Configuration:&quot;">​</a></h2><div class="language-yaml vp-adaptive-theme"><button title="Copy Code" class="copy"></button><span class="lang">yaml</span><pre class="shiki shiki-themes github-light github-dark vp-code" tabindex="0"><code><span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">Oauth2</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">:</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  Admin</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">701b9ea6-9f56-48cd-af3e-cbb4bfc1475c</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  ClientID</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  ClientSecret</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  Endpoint</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">&quot;https://xxxxx.cloudflareaccess.com&quot;</span></span>
<span class="line"><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">  Type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">: </span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">cloudflare</span></span></code></pre></div><h2 id="configuration-description" tabindex="-1">Configuration Description: <a class="header-anchor" href="#configuration-description" aria-label="Permalink to &quot;Configuration Description:&quot;">​</a></h2><table tabindex="0"><thead><tr><th>Parameter</th><th>Retrieval Method</th></tr></thead><tbody><tr><td>Admin</td><td><code>My Team</code> -&gt; <code>Users</code> -&gt; <code>&lt;specific user&gt;</code> -&gt; <code>User ID</code></td></tr><tr><td>ClientID/ClientSecret</td><td><code>Access</code> -&gt; <code>Application</code> -&gt; <code>Add an Application</code> <br> -&gt; <code>SaaS</code> -&gt; <code>OIDC</code></td></tr><tr><td>Endpoint</td><td><code>Access</code> -&gt; <code>Application</code> -&gt; <code>Application URL</code> -&gt; <code>Only keep the protocol and domain, no path</code></td></tr></tbody></table><h3 id="creating-a-saas-oidc-application" tabindex="-1">Creating a SaaS-OIDC Application <a class="header-anchor" href="#creating-a-saas-oidc-application" aria-label="Permalink to &quot;Creating a SaaS-OIDC Application&quot;">​</a></h3><p>Go to Zero Trust Dashboard: <a href="https://one.dash.cloudflare.com" target="_blank" rel="noreferrer">https://one.dash.cloudflare.com</a></p><ol><li><code>My Team</code> -&gt; <code>Users</code> -&gt; <code>&lt;specific user&gt;</code> -&gt; Get <code>User ID</code> and save it;</li><li><code>Access</code> -&gt; <code>Application</code> -&gt; <code>Add an Application</code>;</li><li>Select <code>SaaS</code>, enter a custom application name (e.g., nezha) in <code>Application</code>, select <code>OIDC</code>, and click <code>Add application</code>;</li><li>In <code>Scopes</code>, select <code>openid</code>, <code>email</code>, <code>profile</code>, <code>groups</code>;</li><li>Fill in your CallBack URL in <code>Redirect URLs</code>, such as <code>https://dashboard.example.com/oauth2/callback</code>;</li><li>Record the <code>Client ID</code>, <code>Client Secret</code>, and the protocol and domain part of the <code>Issuer</code> URL, such as <code>https://xxxxx.cloudflareaccess.com</code>;</li><li>Edit the Dashboard configuration file (usually located at <code>/opt/nezha/dashboard/data/config.yaml</code>), modify the <code>Oauth2</code> configuration according to the example configuration, and restart the Dashboard service.</li></ol><h3 id="authentication-policy-configuration" tabindex="-1">Authentication Policy Configuration <a class="header-anchor" href="#authentication-policy-configuration" aria-label="Permalink to &quot;Authentication Policy Configuration&quot;">​</a></h3><p>After completing the Dashboard setup, you also need to configure the authentication policy in the Zero Trust Dashboard: <code>Access</code> -&gt; <code>Applications</code> -&gt; <code>&lt;application name&gt;</code> -&gt; <code>Policies</code>. You can choose from over ten SSO authentication methods, including email OTP verification, hardware key verification, etc. For detailed configuration, please refer to the <a href="https://developers.cloudflare.com/cloudflare-one/" target="_blank" rel="noreferrer">Cloudflare Zero Trust documentation</a>.</p>`,11),s=[c];function n(d,l,r,h,p,u){return i(),a("div",null,s)}const k=e(o,[["render",n]]);export{f as __pageData,k as default};