This plugin makes it very easy to integrate Cloudflare Access with Craft CMS. Cloudflare Access is a modern, zero trust solution to protect applications or websites. You can use it to protect the control panel of a Craft website, or even the complete website.
This plugin adds automatic logging in to either the control panel, the frontend or both using the identity provided by Cloudflare. Cloudflare Access makes it easy to integrate various identity providers, like Okta, Microsoft Azure AD, Google Workspace or social media accounts like Facebook, GitHub or Google accounts. Cloudflare Access is free up to 50 users. It requires your sites traffic to be proxied through Cloudflare.
How does this work?
Each application protected by Cloudflare access is protected by a Cloudflare login page. This can be set for a full
domain or a part of it (e.g. only
Cloudflare injects a JWT header which contains a signature, expiry information, and the user's identity. This plugin decodes the JWT, attempts to find a matching user in Craft CMS, and automatically signs in that user when the user is not suspended or deactivated.
This way you enable single sign-on for your users, which reduces friction, relieves them from saving another password, and you increase security when you rely on 2FA from external identity providers.
You may choose to enable this feature for control panel URLs, frontend URLs, or both. This plugin does not create new users if they do not exist in Craft.
To install this plugin, copy the command above to your terminal.