If you encounter issues logging in as an administrator using Github, Gitlab, or Gitee, you may consider switching to Cloudflare Access as the OAuth2 provider.

## Example Configuration:

```yaml
Oauth2:
  Admin: 701b9ea6-9f56-48cd-af3e-cbb4bfc1475c
  ClientID: 3516291f53eca9b4901a01337e41be7dc52f565c8657d08a3fddb2178d13c5bf
  ClientSecret: 0568b67c7b6d0ed51c663e2fe935683007c28f947a27b7bd47a5ad3d8b56fb67
  Endpoint: "https://xxxxx.cloudflareaccess.com"
  Type: cloudflare
```

## Configuration Description:

| Parameter             | Retrieval Method                                                                |
|-----------------------|---------------------------------------------------------------------------------|
| Admin                 | `My Team` -> `Users` -> `<specific user>` -> `User ID`                          |
| ClientID/ClientSecret | `Access` -> `Application` -> `Add an Application` <br/> -> `SaaS` -> `OIDC`     |
| Endpoint              | `Access` -> `Application` -> `Application URL` -> `Only keep the protocol and domain, no path` |

### Creating a SaaS-OIDC Application

Go to Zero Trust Dashboard: https://one.dash.cloudflare.com

1. `My Team` -> `Users` -> `<specific user>` -> Get `User ID` and save it;
2. `Access` -> `Application` -> `Add an Application`;
3. Select `SaaS`, enter a custom application name (e.g., nezha) in `Application`, select `OIDC`, and click `Add application`;
4. In `Scopes`, select `openid`, `email`, `profile`, `groups`;
5. Fill in your CallBack URL in `Redirect URLs`, such as `https://dashboard.example.com/oauth2/callback`;
6. Record the `Client ID`, `Client Secret`, and the protocol and domain part of the `Issuer` URL, such as `https://xxxxx.cloudflareaccess.com`;
7. Edit the Dashboard configuration file (usually located at `/opt/nezha/dashboard/data/config.yaml`), modify the `Oauth2` configuration according to the example configuration, and restart the Dashboard service.

### Authentication Policy Configuration

After completing the Dashboard setup, you also need to configure the authentication policy in the Zero Trust Dashboard: `Access` -> `Applications` -> `<application name>` -> `Policies`. You can choose from over ten SSO authentication methods, including email OTP verification, hardware key verification, etc. For detailed configuration, please refer to the [Cloudflare Zero Trust documentation](https://developers.cloudflare.com/cloudflare-one/).