Globally disable email auth

Federation Broker is a technology that enables users to access resources using credentials at their own identity provider. Furthermore, it enables users to provide access to other users without creating individual federation connections to each and every user.

Here’s the typical setup. Users make or verify the setup of their own identity provider - it can be Okta, Microsoft Entra/Azure AD, Authentik, or anything else. They then connect their own IdP to their personal Cloudflare Zero Trust account. Next, a SaaS application is added to their Cloudflare Zero Trust application which is added as a IdP source within the Federation Broker Cloudflare Zero Trust account. Finally, the Federation Broker Cloudflare Zero Trust account is set as an IdP for resources and other destinations.

So, the flow is User’s Own IdP → User’s Personal Cloudflare Access Account → Federation Broker Cloudflare Access Account → Destination Application. This has some distinct advantages. For starters, since the end user connects their IdP to their own Cloudflare Access account and then that Cloudflare account is connected to federation broker, updates to the end user’s IdP, such as changing to a new IdP or certs expiring, do not require the intervention of Federation Broker administrators. 

Federation Broker is a technology that enables users to access resources using credentials at their own identity provider. Furthermore, it enables users to provide access to other users without creating individual federation connections to each and every user.

Here’s the typical setup. Users make or verify the setup of their own identity provider - it can be Okta, Microsoft Entra/Azure AD, Authentik, or anything else. They then connect their own IdP to their personal Cloudflare Zero Trust account. Next, a SaaS application is added to their Cloudflare Zero Trust application which is added as a IdP source within the Federation Broker Cloudflare Zero Trust account. Finally, the Federation Broker Cloudflare Zero Trust account is set as an IdP for resources and other destinations.

So, the flow is User’s Own IdP → User’s Personal Cloudflare Access Account → Federation Broker Cloudflare Access Account → Destination Application. This has some distinct advantages. For starters, since the end user connects their IdP to their own Cloudflare Access account and then that Cloudflare account is connected to federation broker, updates to the end user’s IdP, such as changing to a new IdP or certs expiring, do not require the intervention of Federation Broker administrators.