Cloudflare’s innovation weeks in 2021 brought so much more to the platform. I spent some time thinking about what I would like to see from Cloudflare this year.
Here are my top 3 asks of what I would like to see from Cloudflare Identity week. If you work at Cloudflare and are reading this, please forward it to @eastdakota, @jgrahamc or whoever else might be the right person.
Identity week kicks off an innovation week focussed on a series of identity improvements to the Cloudflare product suite. These features will make it easier for medium to large companies to build on top of Cloudflare in a more secure and thoughtful manner.
IAM for Cloudflare accounts
Cloudflare accounts have historically had only 3 very basic kinds of users: Super Administrator, Administrator, and user. Today we are launching a full-fledged IAM product which makes managing users on Cloudflare very simple, yet flexible.
Each of our product offerings, from Workers and Pages all the way to domains, has granular permission scopes. However, to make your lives easier, we have pre-built roles which we recommend people use unless they need something more complex. Flexibility is key at Cloudflare, and if you need it you can go ahead and make custom roles.
Scopes are granular to the point where KV stores with sensitive data can be limited to Workers with the right role. This applies even to Workers running via Cloudflare Pages. The roles and scopes work across Cloudflare teams as well! This means that creating a Cloudflare Access tunnel can be limited to people with the CF tunnels role for a single domain.
Further, we have gone ahead and updated our Terraform provider to make it easy to compose new roles and manage everything as IaC.
Today we announce the ability to manage sub accounts within your Cloudflare account. Whether you want an account for developers to explore Cloudflare or the ability to separate services by environment, this is now a breeze.
From the integrated organization page you can create new sub accounts and organize them via tags, and it just works! Our billing page gives you detailed breakdowns of per account usage and per product usage as well.
Custom roles that you make can be delegated across sub accounts easily.
SAML auth to Cloudflare
We are making access to the Cloudflare console and programmatic access work with SAML. We have pre-built apps on every major identity provider such as Okta and OneLogin, and setting it up for other providers should be as simple as following the instructions on the IAM page.
All our products such as the console, wrangler and cloudflared are built to work with SAML auth right off the bat.