diff --git a/src/assets/images/changelog/fundamentals/2025-06-02-permissions-policy-ux.png b/src/assets/images/changelog/fundamentals/2025-06-02-permissions-policy-ux.png new file mode 100644 index 00000000000000..170692e1738827 Binary files /dev/null and b/src/assets/images/changelog/fundamentals/2025-06-02-permissions-policy-ux.png differ diff --git a/src/content/changelog/fundamentals/2025-06-02-user-groups-beta.mdx b/src/content/changelog/fundamentals/2025-06-02-user-groups-beta.mdx new file mode 100644 index 00000000000000..b2540913e2a88d --- /dev/null +++ b/src/content/changelog/fundamentals/2025-06-02-user-groups-beta.mdx @@ -0,0 +1,34 @@ +--- +title: Cloudflare User Groups & Enhanced Permission Policies are now in Beta +description: Simplifying the management of users, groups, and permissions within Cloudflare. +products: + - fundamentals +date: 2025-06-02 +--- + +We're excited to announce the Public Beta launch of **User Groups for Cloudflare Dashboard** and **System for Cross Domain Identity Management (SCIM) User Groups**, expanding our RBAC capabilities to simplify user and group management at scale. + +We've also visually overhauled the **Permission Policies UI** to make defining permissions more intuitive. + +**What's New** + +**User Groups [BETA]**: [User Groups](/fundamentals/manage-members/user-groups/) are a new Cloudflare IAM primitive that enable administrators to create collections of account members that are treated equally from an access control perspective. User Groups can be assigned permission policies, with individual members in the group inheriting all permissions granted to the User Group. User Groups can be created manually, via our APIs, or Terraform. + +**SCIM User Groups [BETA]**: Centralize & simplify your user and group management at scale by syncing memberships directly from your upstream identity provider (like Okta or Entra ID) to the Cloudflare Platform. This ensures Cloudflare stays in sync with your identity provider, letting you apply Permission Policies to those synced groups directly within the Cloudflare Dashboard. + +:::note +SCIM Virtual Groups (identified by the pattern `CF--` in your IdP) are deprecated as of 06/02/25. We recommend migrating SCIM Virtual Groups implementations to use [SCIM User Groups](/fundamentals/account/account-security/scim-setup/). If you did not use Virtual Groups, no action is needed. +::: + +**Revamped Permission Policies UI [BETA]**: As Cloudflare's services have grown, so has the need for precise, role-based access control. We've given the Permission Policies builder a visual overhaul to make it much easier for administrators to find and define the exact permissions they want for specific principals. + +![Updated Permissions Policy UX](~/assets/images/changelog/fundamentals/2025-06-02-permissions-policy-ux.png) + +:::note +When opting into the Beta for User Groups and Permission Policies, you'll be transitioning to a new experience. Please be aware that opting out isn't currently available. +::: + +For more info: + +- [Get started with User Groups](/fundamentals/manage-members/user-groups/) +- [Explore our SCIM integration guide](/fundamentals/account/account-security/scim-setup/)