A Zero Trust organization defines the user login experience.
resource "cloudflare_access_organization" "example" {
account_id = "f037e56e89293a057740de681ac9abbe"
name = "example.cloudflareaccess.com"
auth_domain = "example.cloudflareaccess.com"
is_ui_read_only = false
user_seat_expiration_inactive_time = "720h"
auto_redirect_to_identity = false
login_design {
background_color = "#ffffff"
text_color = "#000000"
logo_path = "https://example.com/logo.png"
header_text = "My header text"
footer_text = "My footer text"
}
}
auth_domain
(String) The unique subdomain assigned to your Zero Trust organization.account_id
(String) The account identifier to target for the resource. Conflicts with zone_id
.allow_authenticate_via_warp
(Boolean) When set to true, users can authenticate via WARP for any application in your organization. Application settings will take precedence over this value.auto_redirect_to_identity
(Boolean) When set to true, users skip the identity provider selection step during login.custom_pages
(Block List) Custom pages for your Zero Trust organization. (see below for nested schema)is_ui_read_only
(Boolean) When set to true, this will disable all editing of Access resources via the Zero Trust Dashboard.login_design
(Block List) (see below for nested schema)name
(String) The name of your Zero Trust organization.session_duration
(String) How often a user will be forced to re-authorise. Must be in the format 48h
or 2h45m
.ui_read_only_toggle_reason
(String) A description of the reason why the UI read only field is being toggled.user_seat_expiration_inactive_time
(String) The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the user is removed as an active seat and no longer counts against your Teams seat count. Must be in the format 300ms
or 2h45m
.warp_auth_session_duration
(String) The amount of time that tokens issued for applications will be valid. Must be in the format 30m or 2h45m. Valid time units are: m, h.zone_id
(String) The zone identifier to target for the resource. Conflicts with account_id
.id
(String) The ID of this resource.custom_pages
Optional:
forbidden
(String) The id of the forbidden page.identity_denied
(String) The id of the identity denied page.login_design
Optional:
background_color
(String) The background color on the login page.footer_text
(String) The text at the bottom of the login page.header_text
(String) The text at the top of the login page.logo_path
(String) The URL of the logo on the login page.text_color
(String) The text color on the login page.Import is supported using the following syntax:
$ terraform import cloudflare_access_organization.example <account_id>