diff --git a/src/content/docs/cloudflare-one/account-limits.mdx b/src/content/docs/cloudflare-one/account-limits.mdx
index 134fa41101c396..199a611c0f6c2c 100644
--- a/src/content/docs/cloudflare-one/account-limits.mdx
+++ b/src/content/docs/cloudflare-one/account-limits.mdx
@@ -5,6 +5,10 @@ sidebar:
order: 12
---
+import { Render } from "~/components";
+
+
+
This page lists the default account limits for rules, applications, fields, and other features. These limits may be increased on Enterprise accounts. To request a limit increase, contact your account team.
## Access
diff --git a/src/content/docs/cloudflare-one/api-terraform/index.mdx b/src/content/docs/cloudflare-one/api-terraform/index.mdx
index d061e8004bfd0d..99c6aa38646a2b 100644
--- a/src/content/docs/cloudflare-one/api-terraform/index.mdx
+++ b/src/content/docs/cloudflare-one/api-terraform/index.mdx
@@ -3,10 +3,11 @@ pcx_content_type: navigation
title: API and Terraform
sidebar:
order: 10
-
---
-import { DirectoryListing } from "~/components"
+import { DirectoryListing, Render } from "~/components";
+
+
This section covers a few common use cases with the API and Terraform to manage Cloudflare Zero Trust. For more information, refer to our [API documentation](/api/) and [Terraform reference guide](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs).
diff --git a/src/content/docs/cloudflare-one/applications/casb/index.mdx b/src/content/docs/cloudflare-one/applications/casb/index.mdx
index bafae1ba80314c..7ea7e4649a02b9 100644
--- a/src/content/docs/cloudflare-one/applications/casb/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/casb/index.mdx
@@ -10,6 +10,8 @@ learning_center:
import { GlossaryTooltip, Render } from "~/components";
+
+
:::note[Availability]
Available for all Zero Trust users.
diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx
index dbb4b93f1b2510..eeb047f02717c3 100644
--- a/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/configure-apps/index.mdx
@@ -3,9 +3,12 @@ pcx_content_type: concept
title: Add web applications
sidebar:
order: 1
-
---
+import { Render } from "~/components";
+
+
+
Cloudflare Access allows you to secure your web applications by acting as an identity aggregator, or proxy. You can use signals from your existing identity providers (IdPs), device posture providers, and [other rules](/cloudflare-one/policies/access/#selectors) to control who can log in to the application.
@@ -15,7 +18,8 @@ You can protect the following types of web applications:
- [**SaaS applications**](/cloudflare-one/applications/configure-apps/saas-apps/) consist of applications your team relies on that are not hosted by your organization. Examples include Salesforce and Workday. To secure SaaS applications, you must integrate Cloudflare Access with the SaaS application's SSO configuration.
- **Self-hosted applications** consist of internal applications that you host in your own environment. These can be the data center versions of tools like the Atlassian suite or applications created by your own team. Setup requirements for a self-hosted application depend on whether the application is publicly accessible on the Internet or restricted to users on a private network.
- - [**Public hostname applications**](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) are web applications that have public DNS records. Anyone on the Internet can access the application by entering the URL in their browser and authenticating through Cloudflare Access. Securing access to a public website requires a Cloudflare DNS [full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/).
- - [**Private network applications**](/cloudflare-one/applications/non-http/self-hosted-private-app/) do not have public DNS records, meaning they are not reachable from the public Internet. To connect using a private IP or private hostname, the user's traffic must route through Cloudflare Gateway. The preferred method is to install the WARP client on the user's device, but you could also forward device traffic from a [network location](/magic-wan/) or use an agentless option such as [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/) or [Clientless Web Isolation](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/).
-- [**Cloudflare Dashboard SSO**](/cloudflare-one/applications/configure-apps/dash-sso-apps/) is a special type of SaaS application that manages SSO settings for the Cloudflare dashboard and has limited permissions for administrator edits.
\ No newline at end of file
+ - [**Public hostname applications**](/cloudflare-one/applications/configure-apps/self-hosted-public-app/) are web applications that have public DNS records. Anyone on the Internet can access the application by entering the URL in their browser and authenticating through Cloudflare Access. Securing access to a public website requires a Cloudflare DNS [full setup](/dns/zone-setups/full-setup/) or [partial CNAME setup](/dns/zone-setups/partial-setup/).
+ - [**Private network applications**](/cloudflare-one/applications/non-http/self-hosted-private-app/) do not have public DNS records, meaning they are not reachable from the public Internet. To connect using a private IP or private hostname, the user's traffic must route through Cloudflare Gateway. The preferred method is to install the WARP client on the user's device, but you could also forward device traffic from a [network location](/magic-wan/) or use an agentless option such as [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/) or [Clientless Web Isolation](/cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/).
+
+- [**Cloudflare Dashboard SSO**](/cloudflare-one/applications/configure-apps/dash-sso-apps/) is a special type of SaaS application that manages SSO settings for the Cloudflare dashboard and has limited permissions for administrator edits.
diff --git a/src/content/docs/cloudflare-one/applications/index.mdx b/src/content/docs/cloudflare-one/applications/index.mdx
index 9126a5a58aafb8..1e53cb470f8250 100644
--- a/src/content/docs/cloudflare-one/applications/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/index.mdx
@@ -3,10 +3,11 @@ pcx_content_type: navigation
title: Applications
sidebar:
order: 6
-
---
-import { DirectoryListing } from "~/components"
+import { DirectoryListing, Render } from "~/components";
+
+
Cloudflare Zero Trust can secure self-hosted and SaaS applications with Zero Trust rules.
diff --git a/src/content/docs/cloudflare-one/applications/non-http/index.mdx b/src/content/docs/cloudflare-one/applications/non-http/index.mdx
index 524fc807d74948..5f2ee09a81dd4d 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/index.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/index.mdx
@@ -5,6 +5,10 @@ sidebar:
order: 1
---
+import { Render } from "~/components";
+
+
+
Cloudflare offers both client-based and clientless ways to grant secure access to non-HTTP applications.
:::note
diff --git a/src/content/docs/cloudflare-one/changelog/access.mdx b/src/content/docs/cloudflare-one/changelog/access.mdx
index 0797cd890c1ce6..23cf6a9244d09e 100644
--- a/src/content/docs/cloudflare-one/changelog/access.mdx
+++ b/src/content/docs/cloudflare-one/changelog/access.mdx
@@ -7,7 +7,9 @@ head:
description: Review recent changes to Cloudflare Access.
---
-import { ProductChangelog } from "~/components";
+import { ProductChangelog, Render } from "~/components";
+
+
{/* */}
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/index.mdx
index 6ee6a2f57ff499..05af43895fda78 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/index.mdx
@@ -3,10 +3,11 @@ pcx_content_type: navigation
title: Connect devices
sidebar:
order: 4
-
---
-import { DirectoryListing } from "~/components"
+import { DirectoryListing, Render } from "~/components";
+
+
Configure devices to send DNS queries to Cloudflare, or proxy all traffic leaving the device through Cloudflare's network.
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx
index 56ead972736552..7db1685f5a2ec4 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/index.mdx
@@ -5,6 +5,10 @@ sidebar:
order: 1
---
+import { Render } from "~/components";
+
+
+
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP — instead, a lightweight daemon in your infrastructure (`cloudflared`) creates outbound-only connections to Cloudflare's global network. Cloudflare Tunnel can connect HTTP web servers, [SSH servers](/cloudflare-one/connections/connect-networks/use-cases/ssh/), [remote desktops](/cloudflare-one/connections/connect-networks/use-cases/rdp/), and other protocols safely to Cloudflare. This way, your origins can serve traffic through Cloudflare without being vulnerable to attacks that bypass Cloudflare.
Refer to our [reference architecture](/reference-architecture/architectures/sase/) for details on how to implement Cloudflare Tunnel into your existing infrastructure.
@@ -20,4 +24,4 @@ Cloudflared establishes outbound connections (tunnels) between your resources an
- Create a tunnel using the [Cloudflare dashboard](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/) or [API](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel-api/).
- Learn more about [`cloudflared`](/cloudflare-one/connections/connect-networks/downloads/), the server-side daemon that connects your infrastructure to Cloudflare.
- Review useful [Tunnel terms](/cloudflare-one/connections/connect-networks/get-started/tunnel-useful-terms/) to familiarize yourself with the concepts used in Tunnel documentation.
-- [Troubleshoot](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/) your Tunnel by reviewing available logs and common errors.
\ No newline at end of file
+- [Troubleshoot](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/) your Tunnel by reviewing available logs and common errors.
diff --git a/src/content/docs/cloudflare-one/email-security/index.mdx b/src/content/docs/cloudflare-one/email-security/index.mdx
index 1d3cd94e79922f..65663d8a91b5f4 100644
--- a/src/content/docs/cloudflare-one/email-security/index.mdx
+++ b/src/content/docs/cloudflare-one/email-security/index.mdx
@@ -5,15 +5,15 @@ sidebar:
order: 9
---
-import { Description } from "~/components"
+import { Description, Render } from "~/components";
+
+
:::caution[Important]
Refer to [Area 1](/email-security/) if you are looking for the Area 1 documentation.
:::
-
-Secure your email inbox with Email Security.
-
+Secure your email inbox with Email Security.
Email Security secures your email inbox by integrating with your existing email provider and blocking phishing attacks, malware, [Business Email Compromise](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/) attacks, and vendor email fraud.
@@ -38,4 +38,4 @@ Once you have completed the setup process, the Email Security overview will disp
- A series of recommendations. For example, you may be recommended to learn how to submit emails for reclassification, create policies, or learn how to manage your [impersonation registry](/cloudflare-one/email-security/detection-settings/impersonation-registry/).
- Email Security metrics (your email security activity from the last 7 days).
- Recently modified policies, where you will be able to view all modified policies.
-- Education and resources: Links to [implementation guides](/cloudflare-one/implementation-guides/), [Email Security changelogs](/cloudflare-one/changelog/email-security/), and [API documentation](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/).
\ No newline at end of file
+- Education and resources: Links to [implementation guides](/cloudflare-one/implementation-guides/), [Email Security changelogs](/cloudflare-one/changelog/email-security/), and [API documentation](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/).
diff --git a/src/content/docs/cloudflare-one/faq/index.mdx b/src/content/docs/cloudflare-one/faq/index.mdx
index 9bfc8d613c3e78..53707fe73bd9c3 100644
--- a/src/content/docs/cloudflare-one/faq/index.mdx
+++ b/src/content/docs/cloudflare-one/faq/index.mdx
@@ -7,7 +7,9 @@ sidebar:
order: 16
---
-import { LinkButton } from "~/components";
+import { LinkButton, Render } from "~/components";
+
+
Review answers to the most commonly asked questions on Cloudflare Zero Trust, as well as a troubleshooting section to help you solve common issues and errors you may come across.
diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index 0221ff8176f68f..6a47d8fd666c08 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -9,6 +9,8 @@ description: Review common troubleshooting scenarios for Cloudflare Zero Trust.
import { GlossaryTooltip, Render } from "~/components";
+
+
[❮ Back to FAQ](/cloudflare-one/faq/)
## I tried to register the WARP client with my Zero Trust domain but received the following error messages: `Authentication Expired` and `Registration error. Please try again later`.
@@ -324,17 +326,17 @@ You must ensure the host device is included in the WARP tunnel while excluding t
This issue can occur due to a conflict between browser settings and Windows network configuration.
-In Chromium-based browsers like Chrome and Edge, the **Anonymize local IPs exposed by WebRTC** flag (`chrome://flags/#enable-webrtc-hide-local-ips-with-mdns` or `edge://flags/#enable-webrtc-hide-local-ips-with-mdns`) — when set to `Enabled` or left at `Default` — hides local IP addresses by replacing them with mDNS hostnames. Multicast DNS (mDNS) hostnames rely on multicast traffic to be resolved properly on the local network.
+In Chromium-based browsers like Chrome and Edge, the **Anonymize local IPs exposed by WebRTC** flag (`chrome://flags/#enable-webrtc-hide-local-ips-with-mdns` or `edge://flags/#enable-webrtc-hide-local-ips-with-mdns`) — when set to `Enabled` or left at `Default` — hides local IP addresses by replacing them with mDNS hostnames. Multicast DNS (mDNS) hostnames rely on multicast traffic to be resolved properly on the local network.
The [Internet Group Management Protocol (IGMP)](https://www.cloudflare.com/learning/network-layer/what-is-igmp/) allows devices to join a multicasting group. On Windows, `IGMPLevel` determines whether the system participates in multicast group membership. When `IGMPLevel` is set to `0`, multicast support is disabled.
To resolve this error, review the following options:
-| `IGMPLevel` | **Anonymize local IPs exposed by WebRTC** setting | Result in Clientless Web Isolation |
-|--------------------|-----------------------------------------------------------|----------------------------------------------|
-| `0` (disabled) | **Enabled / Default** | ❌ Blank screen |
-| `0` (disabled) | **Disabled** | ✅ Works - browser will use local IP address |
-| `2` (enabled) | **Enabled / Default** | ✅ Works - mDNS resolves successfully |
+| `IGMPLevel` | **Anonymize local IPs exposed by WebRTC** setting | Result in Clientless Web Isolation |
+| -------------- | ------------------------------------------------- | -------------------------------------------- |
+| `0` (disabled) | **Enabled / Default** | ❌ Blank screen |
+| `0` (disabled) | **Disabled** | ✅ Works - browser will use local IP address |
+| `2` (enabled) | **Enabled / Default** | ✅ Works - mDNS resolves successfully |
## After putting Google Workspace behind Access, I can’t log in. It keeps redirecting between Access and Google without ever completing authentication.
diff --git a/src/content/docs/cloudflare-one/glossary.mdx b/src/content/docs/cloudflare-one/glossary.mdx
index b6d1a369d074fb..aa33d16bc7e8ca 100644
--- a/src/content/docs/cloudflare-one/glossary.mdx
+++ b/src/content/docs/cloudflare-one/glossary.mdx
@@ -3,10 +3,11 @@ pcx_content_type: reference
title: Glossary
sidebar:
order: 14
-
---
-import { Glossary } from "~/components"
+import { Glossary, Render } from "~/components";
+
+
Review definitions for Cloudflare Zero Trust terms.
diff --git a/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx b/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
index ae8325906def31..6d44a7b27d6706 100644
--- a/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/authorization-cookie/index.mdx
@@ -4,21 +4,23 @@ title: Authorization cookie
description: Learn how Cloudflare Access uses CF_Authorization cookies to secure self-hosted web applications.
sidebar:
order: 12
-
---
-import { Details, GlossaryTooltip } from "~/components"
+import { Details, GlossaryTooltip, Render } from "~/components";
+
+
When you protect a site with Cloudflare Access, Cloudflare checks every HTTP request bound for that site to ensure that the request has a valid `CF_Authorization` cookie. If a request does not include the cookie, Access will block the request.
+
## Access JWTs
The `CF_Authorization` cookie contains the user's identity in the form of a JSON Web Token (JWT). Cloudflare securely creates these tokens through the OAUTH or SAML integration between Cloudflare Access and the configured identity provider.
Two tokens are generated:
-* **Global session token**: a token generated when a user logs in to Access. This token is stored as a cookie at your team domain (for example, `https://.cloudflareaccess.com`) and prevents a user from needing to log in to each application.
+- **Global session token**: a token generated when a user logs in to Access. This token is stored as a cookie at your team domain (for example, `https://.cloudflareaccess.com`) and prevents a user from needing to log in to each application.
-* [**Application token**](/cloudflare-one/identity/authorization-cookie/application-token/): a token generated for each application that a user reaches. This token is stored as a cookie on the protected domain (for example, `https://jira.site.com`) and may be used to [validate requests](/cloudflare-one/identity/authorization-cookie/validating-json) on your origin.
+- [**Application token**](/cloudflare-one/identity/authorization-cookie/application-token/): a token generated for each application that a user reaches. This token is stored as a cookie on the protected domain (for example, `https://jira.site.com`) and may be used to [validate requests](/cloudflare-one/identity/authorization-cookie/validating-json) on your origin.
### Multi-domain applications
@@ -32,10 +34,10 @@ If the Access application has more than five domains, Access will not preemptive
Cloudflare Access provides optional security settings that can be added to the browser cookies generated by Access for an authenticated user.
-* [SameSite](#samesite-attribute)
-* [HttpOnly flag](#httponly)
-* [Binding cookie](#binding-cookie)
-* [Cookie path](#cookie-path-attribute)
+- [SameSite](#samesite-attribute)
+- [HttpOnly flag](#httponly)
+- [Binding cookie](#binding-cookie)
+- [Cookie path](#cookie-path-attribute)
To enable these settings:
@@ -55,9 +57,9 @@ The [SameSite](https://web.dev/samesite-cookies-explained/) Attribute selector r
The selector options are:
-* **None** - Cookies will be sent in all contexts, including cross-origin requests.
-* **Lax** - Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by third party websites.
-* **Strict** - Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.
+- **None** - Cookies will be sent in all contexts, including cross-origin requests.
+- **Lax** - Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by third party websites.
+- **Strict** - Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.
Refer to the [Mozilla documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value) for more information.
@@ -73,8 +75,8 @@ The HttpOnly flag is a cookie attribute that prevents the cookie from being acce
Do not enable HttpOnly if:
-* You are using the Access application for non-browser based tools (such as SSH or RDP).
-* You have software that relies on being able to access a user's cookie generated by Access.
+- You are using the Access application for non-browser based tools (such as SSH or RDP).
+- You have software that relies on being able to access a user's cookie generated by Access.
### Binding Cookie
@@ -84,9 +86,9 @@ The Binding Cookie is an additional cookie created when a user successfully auth
Do not enable Binding Cookie if:
-* You are using the Access application for non-browser based tools (such as SSH or RDP).
-* You have enabled [incompatible Cloudflare products](/cloudflare-one/applications/configure-apps/self-hosted-public-app/#product-compatibility) on the application domain.
-* You have turned on [WARP authentication identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/) for the application.
+- You are using the Access application for non-browser based tools (such as SSH or RDP).
+- You have enabled [incompatible Cloudflare products](/cloudflare-one/applications/configure-apps/self-hosted-public-app/#product-compatibility) on the application domain.
+- You have turned on [WARP authentication identity](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-sessions/) for the application.
### Cookie Path Attribute
@@ -98,27 +100,22 @@ By default, some browsers block all third-party cookies in private browsing mode
To enable third-party cookies for an Access application:
-
1. Go to **Settings** > **Privacy and security** > **Cookies and other site data**.
2. Under **Sites that can always use cookies**, add the following URLs:
- * Hostname of your Access application (for example, `https://jira.site.com`)
- * `https://.cloudflareaccess.com`
-
+ - Hostname of your Access application (for example, `https://jira.site.com`)
+ - `https://.cloudflareaccess.com`
-
1. Go to **Safari** > **Settings** > **Privacy**.
2. Deselect **Block all cookies**.
-
-
1. Go to **Settings** > **Privacy & Security**.
@@ -128,16 +125,13 @@ To enable third-party cookies for an Access application:
5. Enter `https://.cloudflareaccess.com` and select **Allow**.
6. Select **Save Changes**.
-
-
1. Go to `brave://settings/cookies`.
2. Under **Sites that can always use cookies**, add the following URLs:
- * Hostname of your Access application (for example, `https://jira.site.com`)
- * `https://.cloudflareaccess.com`
-
+ - Hostname of your Access application (for example, `https://jira.site.com`)
+ - `https://.cloudflareaccess.com`
diff --git a/src/content/docs/cloudflare-one/identity/devices/index.mdx b/src/content/docs/cloudflare-one/identity/devices/index.mdx
index d5b5b8776ff702..ed8df3bc471aff 100644
--- a/src/content/docs/cloudflare-one/identity/devices/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/devices/index.mdx
@@ -5,6 +5,10 @@ sidebar:
order: 4
---
+import { Render } from "~/components";
+
+
+
With Cloudflare Zero Trust, you can configure Zero Trust policies that rely on additional signals from the WARP client or from third-party endpoint security providers. When device posture checks are configured, users can only connect to a protected application or network resource if they have a managed or healthy device.
## 1. Enable device posture checks
diff --git a/src/content/docs/cloudflare-one/identity/idp-integration/index.mdx b/src/content/docs/cloudflare-one/identity/idp-integration/index.mdx
index 2cacabd882ee0f..c4d3de4f9f78d2 100644
--- a/src/content/docs/cloudflare-one/identity/idp-integration/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/idp-integration/index.mdx
@@ -5,6 +5,8 @@ title: SSO integration
import { Render } from "~/components";
+
+
Cloudflare Zero Trust allows you to integrate your organization's identity providers (IdPs) with Cloudflare Access. Your team can simultaneously use multiple providers, reducing friction when working with partners or contractors.
Adding an identity provider as a login method requires configuration both in [Zero Trust](https://one.dash.cloudflare.com) and with the identity provider itself. Consult our IdP-specific documentation to learn more about what you need to set up.
diff --git a/src/content/docs/cloudflare-one/identity/index.mdx b/src/content/docs/cloudflare-one/identity/index.mdx
index 8049567a7078b7..7b08d5b0ffa0f8 100644
--- a/src/content/docs/cloudflare-one/identity/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/index.mdx
@@ -3,10 +3,11 @@ pcx_content_type: navigation
title: Identity
sidebar:
order: 4
-
---
-import { DirectoryListing } from "~/components"
+import { DirectoryListing, Render } from "~/components";
+
+
Cloudflare Zero Trust integrates with your organization's identity provider to apply Zero Trust and Secure Web Gateway policies. If you work with partners, contractors, or other organizations, you can integrate multiple identity providers simultaneously.
diff --git a/src/content/docs/cloudflare-one/identity/users/index.mdx b/src/content/docs/cloudflare-one/identity/users/index.mdx
index dbb884eb1a2d38..604eac6baf770d 100644
--- a/src/content/docs/cloudflare-one/identity/users/index.mdx
+++ b/src/content/docs/cloudflare-one/identity/users/index.mdx
@@ -3,10 +3,11 @@ pcx_content_type: navigation
title: User management
sidebar:
order: 5
-
---
-import { DirectoryListing } from "~/components"
+import { DirectoryListing, Render } from "~/components";
+
+
Manage users in your Zero Trust organization.
diff --git a/src/content/docs/cloudflare-one/implementation-guides/index.mdx b/src/content/docs/cloudflare-one/implementation-guides/index.mdx
index 0b84084b5778af..dc69bca39fc448 100644
--- a/src/content/docs/cloudflare-one/implementation-guides/index.mdx
+++ b/src/content/docs/cloudflare-one/implementation-guides/index.mdx
@@ -7,7 +7,9 @@ head: []
description: View implementation guides for Cloudflare Zero Trust.
---
-import { CardGrid, LinkTitleCard } from "~/components";
+import { CardGrid, LinkTitleCard, Render } from "~/components";
+
+
Implementation guides cover deployment steps and best practices for specific Cloudflare One use cases.
diff --git a/src/content/docs/cloudflare-one/index.mdx b/src/content/docs/cloudflare-one/index.mdx
index 031c7b6f3a3491..61766c5fb502a6 100644
--- a/src/content/docs/cloudflare-one/index.mdx
+++ b/src/content/docs/cloudflare-one/index.mdx
@@ -14,7 +14,7 @@ import {
CardGrid,
Description,
Feature,
- GlossaryTooltip,
+ GlossaryTooltip,
LinkButton,
LinkTitleCard,
Plan,
@@ -30,6 +30,8 @@ Secure your organization with Cloudflare Zero Trust — a cloud security model t
+
+
Cloudflare Zero Trust is part of Cloudflare One, our name for the Secure Access Service Edge (SASE) platform that protects enterprise applications, users, devices, and networks.
By progressively adopting Cloudflare One, organizations can move away from a patchwork of hardware appliances and point solutions, and instead consolidate security and networking through a unified control plane that includes products like [Cloudflare Access](/cloudflare-one/policies/access/), [Secure Web Gateway (SWG)](/cloudflare-one/policies/gateway/), [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/), [Data Loss Prevention (DLP)](/cloudflare-one/policies/data-loss-prevention/), [Remote Browser Isolation (RBI)](/cloudflare-one/policies/browser-isolation/), [Cloud Access Security Broker (CASB)](/cloudflare-one/applications/casb/), and [Email Security](/cloudflare-one/email-security/).
@@ -38,15 +40,11 @@ Refer to our [SASE reference architecture](/reference-architecture/architectures
Get started
-
+
+
Zero Trust dashboard
-
+
+
Implementation guides
@@ -117,7 +115,8 @@ Monitor device, network, and application performance across your Zero Trust orga
href="/learning-paths/sase-overview-course/series/evolution-corporate-networks-1/"
icon="seti:video"
>
- New to Zero Trust and SASE? Get started with our introductory SASE video series.
+ New to Zero Trust and SASE? Get started with our introductory SASE video
+ series.
- Explore our reference architecture to learn how to evolve your network and security architecture to Cloudflare One, our SASE platform.
+ Explore our reference architecture to learn how to evolve your network and
+ security architecture to Cloudflare One, our SASE platform.
- Cloudflare Zero Trust offers both Free and Paid plans. Access to certain features depends on a customer's plan type.
+ Cloudflare Zero Trust offers both Free and Paid plans. Access to certain
+ features depends on a customer's plan type.
- Learn about account limits. These limits may be increased on Enterprise accounts.
+ Learn about account limits. These limits may be increased on Enterprise accounts.
diff --git a/src/content/docs/cloudflare-one/insights/analytics/index.mdx b/src/content/docs/cloudflare-one/insights/analytics/index.mdx
index f56852c5a07f9b..ad8991d4678157 100644
--- a/src/content/docs/cloudflare-one/insights/analytics/index.mdx
+++ b/src/content/docs/cloudflare-one/insights/analytics/index.mdx
@@ -7,7 +7,9 @@ sidebar:
hideIndex: true
---
-import { DirectoryListing } from "~/components";
+import { DirectoryListing, Render } from "~/components";
+
+
[Zero Trust](https://one.dash.cloudflare.com/) analytics provide a summary of your applications and traffic.
diff --git a/src/content/docs/cloudflare-one/insights/dex/index.mdx b/src/content/docs/cloudflare-one/insights/dex/index.mdx
index 56c9bfc0fcb357..e946ab8efee042 100644
--- a/src/content/docs/cloudflare-one/insights/dex/index.mdx
+++ b/src/content/docs/cloudflare-one/insights/dex/index.mdx
@@ -5,7 +5,9 @@ sidebar:
order: 1
---
-import { DirectoryListing } from "~/components";
+import { DirectoryListing, Render } from "~/components";
+
+
Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Zero Trust organization. This information enables you to understand the state of your WARP client deployment and quickly resolve issues impacting end-user productivity.
diff --git a/src/content/docs/cloudflare-one/policies/access/index.mdx b/src/content/docs/cloudflare-one/policies/access/index.mdx
index 5be14a52df2dd8..50fbea31f1fad1 100644
--- a/src/content/docs/cloudflare-one/policies/access/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/access/index.mdx
@@ -8,6 +8,10 @@ head:
content: Access policies
---
+import { Render } from "~/components";
+
+
+
Cloudflare Access determines who can reach your application by applying the Access policies you configure.
An Access policy consists of an **Action** as well as rules which determine the scope of the action. To build a rule, you need to choose a **Rule type**, **Selector**, and a **Value** for the selector.
diff --git a/src/content/docs/cloudflare-one/policies/browser-isolation/index.mdx b/src/content/docs/cloudflare-one/policies/browser-isolation/index.mdx
index aa605a5e7bd419..d0bb86cac18d1d 100644
--- a/src/content/docs/cloudflare-one/policies/browser-isolation/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/browser-isolation/index.mdx
@@ -5,14 +5,18 @@ sidebar:
order: 5
---
-:::note
-Available as an add-on to Zero Trust Pay-as-you-go and Enterprise plans.
-:::
+import { Render } from "~/components";
+
+
Cloudflare Browser Isolation complements the [Secure Web Gateway](/cloudflare-one/policies/gateway/) and [Zero Trust Network Access](/cloudflare-one/connections/connect-networks/) solutions by executing active webpage content in a secure isolated browser. Executing active content remotely from the endpoint protects users from zero-day attacks and malware. In addition to protecting endpoints, Browser Isolation also protects users from phishing attacks by preventing user input on risky websites and controlling data transmission to sensitive web applications. You can further filter isolated traffic with Gateway [HTTP](/cloudflare-one/policies/gateway/http-policies/) and [DNS](/cloudflare-one/policies/gateway/dns-policies/) policies.
Remote browsing is invisible to the user who continues to use their browser normally without changing their preferred browser and habits. Every open tab and window is automatically isolated. When the user closes the isolated browser, their session is automatically deleted.
+:::note
+Available as an add-on to Zero Trust Pay-as-you-go and Enterprise plans.
+:::
+
## Privacy
Cloudflare Browser Isolation is a security product. In order to serve transparent isolated browsing and block web based threats our network decrypts Internet traffic using the [Cloudflare root CA](/cloudflare-one/connections/connect-devices/user-side-certificates/). Traffic logs are retained as per the [Zero Trust](/cloudflare-one/insights/logs/) documentation.
diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx
index edab3a2e0c7e3c..4c59b162f6ba18 100644
--- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx
@@ -8,7 +8,9 @@ learning_center:
link: https://www.cloudflare.com/learning/access-management/what-is-dlp/
---
-import { GlossaryDefinition } from "~/components";
+import { GlossaryDefinition, Render } from "~/components";
+
+
:::note[Availability]
Available as an add-on to Zero Trust Enterprise plans.
diff --git a/src/content/docs/cloudflare-one/policies/gateway/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/index.mdx
index f95d151661a405..b6325429018f5c 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/index.mdx
@@ -8,6 +8,10 @@ head:
content: Gateway policies
---
+import { Render } from "~/components";
+
+
+
Cloudflare Gateway, our comprehensive [Secure Web Gateway](https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/), allows you to set up policies to inspect DNS, Network, HTTP, and Egress traffic.
- **DNS policies** inspect DNS queries. You can block domains and IP addresses from resolving on your devices. For more information on DNS filtering, refer to our [Learning Center article](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/).
diff --git a/src/content/docs/cloudflare-one/roles-permissions.mdx b/src/content/docs/cloudflare-one/roles-permissions.mdx
index b2e9908d1ae4cc..fc5db74db989fa 100644
--- a/src/content/docs/cloudflare-one/roles-permissions.mdx
+++ b/src/content/docs/cloudflare-one/roles-permissions.mdx
@@ -5,6 +5,10 @@ sidebar:
order: 13
---
+import { Render } from "~/components";
+
+
+
When creating a Cloudflare Zero Trust account, you will be given the Super Administrator role. As a Super Administrator, you can invite members to join your Zero Trust account and assign them different roles. There is no limit to the number of members which can be added to a given account. Any members with the proper permissions will be able to make configuration changes while actively logged into Zero Trust (unless [read-only mode](/cloudflare-one/api-terraform/#set-dashboard-to-read-only) is enabled).
To check the list of members in your account, or to manage roles and permissions, refer to our [Account setup](/fundamentals/manage-members/) documentation.
@@ -49,4 +53,4 @@ For more information on Email Security roles, refer to [Account-scoped roles](/f
- **Email Security Config Admin**: Has administrator access. Cannot take actions on emails, or read emails.
- **Email Security Analyst**: Has analyst access. Can take action on emails and read emails.
- **Email Security Reporting**: Can read metrics.
-- **Email Security Read Only**: Can read all information, but cannot take action on anything.
\ No newline at end of file
+- **Email Security Read Only**: Can read all information, but cannot take action on anything.
diff --git a/src/content/docs/cloudflare-one/setup.mdx b/src/content/docs/cloudflare-one/setup.mdx
index bd787f333b180f..a7f411b2c0d30f 100644
--- a/src/content/docs/cloudflare-one/setup.mdx
+++ b/src/content/docs/cloudflare-one/setup.mdx
@@ -7,6 +7,8 @@ sidebar:
import { Render } from "~/components";
+
+
This guide covers the recommended steps to start securing your users and devices with Cloudflare Zero Trust.
:::note
diff --git a/src/content/docs/cloudflare-one/tutorials/index.mdx b/src/content/docs/cloudflare-one/tutorials/index.mdx
index 0e28f93dc01d96..fb2289cf2bd65f 100644
--- a/src/content/docs/cloudflare-one/tutorials/index.mdx
+++ b/src/content/docs/cloudflare-one/tutorials/index.mdx
@@ -10,9 +10,10 @@ sidebar:
head: []
tableOfContents: false
description: View tutorials for Cloudflare Zero Trust.
-
---
-import { ListTutorials } from "~/components"
+import { ListTutorials, Render } from "~/components";
+
+
diff --git a/src/content/partials/cloudflare-one/survey.mdx b/src/content/partials/cloudflare-one/survey.mdx
new file mode 100644
index 00000000000000..19544c666002be
--- /dev/null
+++ b/src/content/partials/cloudflare-one/survey.mdx
@@ -0,0 +1,11 @@
+---
+{}
+---
+
+:::note[Help us improve your experience.]
+
+The Cloudflare Zero Trust docs team is running a brief 10-question survey from June 5, 2025 to July 5, 2025 to learn how well the documentation is working for you, and where we can do better.
+
+[Take the survey](https://cloudflare.sjc1.qualtrics.com/jfe/form/SV_8wCJEOir5yMzgs6) and share your feedback directly with Cloudflare.
+
+:::