diff --git a/Access_Controls-Applications-Infrastructure.tf b/Access_Controls-Applications-Infrastructure.tf
index c7fdc04..2fa6b72 100644
--- a/Access_Controls-Applications-Infrastructure.tf
+++ b/Access_Controls-Applications-Infrastructure.tf
@@ -41,7 +41,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_ssh_infra" {
 name = "SSH GCP Infrastructure Policy"
 decision = "allow"
- allowed_idps = [var.cloudflare_okta_identity_provider_id]
+ allowed_idps = [
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ ]
 auto_redirect_to_identity = true
 allow_authenticate_via_warp = false
diff --git a/Access_Controls-Applications-rdp.tf b/Access_Controls-Applications-rdp.tf
index ee9f689..193cc1e 100644
--- a/Access_Controls-Applications-rdp.tf
+++ b/Access_Controls-Applications-rdp.tf
@@ -44,7 +44,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_rdp_domain"
 }]
 # Identity provider settings
- allowed_idps = [var.cloudflare_okta_identity_provider_id]
+ allowed_idps = [
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ ]
 auto_redirect_to_identity = true
 enable_binding_cookie = false
 http_only_cookie_attribute = false
diff --git a/Access_Controls-Applications-self_hosted.tf b/Access_Controls-Applications-self_hosted.tf
index dd11558..8f0e0c4 100644
--- a/Access_Controls-Applications-self_hosted.tf
+++ b/Access_Controls-Applications-self_hosted.tf
@@ -50,7 +50,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_web_competit
 uri = var.cloudflare_subdomain_web_sensitive
 }]
- allowed_idps = [var.cloudflare_okta_identity_provider_id]
+ allowed_idps = [
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ ]
 auto_redirect_to_identity = true
 allow_authenticate_via_warp = false
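Review bot: Swapping the SSH-to-GCP-infrastructure and RDP applications from Okta to the self-hosted `authentik_oidc` provider makes the strength of authentication on these administrative paths depend entirely on Authentik's login flow, and nothing in these hunks asks Access to verify it. If the policies attached to these apps (not in this diff) do not already carry a `require` rule on authentication method (`auth_method = "mfa"`, which Access evaluates against the `amr` claim the IdP must emit), consider adding one so that a misconfigured or relaxed Authentik flow cannot silently remove MFA from SSH and RDP. The change also leaves `var.cloudflare_okta_identity_provider_id` unreferenced in these files; unless the variable and the Okta IdP itself are retired elsewhere in this change, the old login path stays configured in the account. The enclosing resource blocks begin before and end after each hunk.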
@@ -81,7 +83,9 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_web_intranet
 uri = var.cloudflare_subdomain_web
 }]
- allowed_idps = [var.cloudflare_okta_identity_provider_id]
+ allowed_idps = [
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ ]
 auto_redirect_to_identity = true
 allow_authenticate_via_warp = false
diff --git a/Access_Controls-Applications-ssh.tf b/Access_Controls-Applications-ssh.tf
index cb4f330..9a00f78 100644
--- a/Access_Controls-Applications-ssh.tf
+++ b/Access_Controls-Applications-ssh.tf
@@ -24,7 +24,10 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_ssh_browser"
 uri = var.cloudflare_subdomain_ssh
 }]
- allowed_idps = [var.cloudflare_okta_identity_provider_id, var.cloudflare_otp_identity_provider_id]
+ allowed_idps = [
+ cloudflare_zero_trust_access_identity_provider.gmail.id,
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ ]
 auto_redirect_to_identity = false
 allow_authenticate_via_warp = false
diff --git a/Access_Controls-Applications-vnc.tf b/Access_Controls-Applications-vnc.tf
index 1205298..d1d8745 100644
--- a/Access_Controls-Applications-vnc.tf
+++ b/Access_Controls-Applications-vnc.tf
@@ -24,7 +24,10 @@ resource "cloudflare_zero_trust_access_application" "cloudflare_app_vnc_browser"
 uri = var.cloudflare_subdomain_vnc
 }]
- allowed_idps = [var.cloudflare_okta_identity_provider_id, var.cloudflare_otp_identity_provider_id]
+ allowed_idps = [
+ cloudflare_zero_trust_access_identity_provider.gmail.id,
+ cloudflare_zero_trust_access_identity_provider.authentik_oidc.id,
+ ]
 auto_redirect_to_identity = false
 allow_authenticate_via_warp = false
diff --git a/Integrations-Identity_providers.tf b/Integrations-Identity_providers.tf
index f0d48f2..ba6f413 100644
--- a/Integrations-Identity_providers.tf
+++ b/Integrations-Identity_providers.tf
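Review bot: The new `cloudflare_zero_trust_access_identity_provider.gmail.id` entry in the ssh_browser `allowed_idps` is a managed-resource address, but the only `gmail` definition this change adds is a `data` source in Integrations-Identity_providers.tf, whose attribute path is `data.cloudflare_zero_trust_access_identity_provider.gmail.id`; unless a resource with that name exists outside this diff, the plan will fail on an undeclared resource. The identical line appears in the vnc_browser hunk. Separately, replacing `var.cloudflare_otp_identity_provider_id` (presumably a one-time-PIN provider) with a Google/Gmail login for browser SSH and VNC lets anyone with a Google account complete authentication: `allowed_idps` only selects the login methods offered, so the include rules on these apps' policies (not visible here) must pin identity by email or email domain, and any `everyone`-style include combined with a consumer IdP would be an open door to these consoles. The enclosing resource block begins before and ends after each hunk.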
@@ -34,3 +34,10 @@ resource "cloudflare_zero_trust_access_identity_provider" "authentik_oidc" {
 token_url = "https://authentik.${var.cloudflare_authentik_domain}/application/o/token/"
 }
 }
+
+data "cloudflare_zero_trust_access_identity_provider" "gmail" {
+ account_id = local.cloudflare_account_id
+
+ identity_provider_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+ zone_id = "zone_id"
+}
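Review bot: `zone_id = "zone_id"` in the new `gmail` data source is a literal placeholder rather than a zone identifier, and it sits beside `account_id` even though this data source is scoped by either an account or a zone; since Access identity providers are account-level here (the block already passes `local.cloudflare_account_id`), the `zone_id` line should be dropped rather than left as a string that will be rejected or mis-scope the lookup. The hard-coded `identity_provider_id` UUID is an account-specific identifier; lifting it into a variable, in the style of the `var.*_identity_provider_id` references this change replaces elsewhere, would keep the module reusable and make the IdP's provenance reviewable. Because this is a `data` source, consumers must reference it as `data.cloudflare_zero_trust_access_identity_provider.gmail.id`, and the Gmail IdP's own configuration (client credentials, any domain restriction) stays outside Terraform, so a note such as `# Looked up, not managed: Gmail IdP settings are configured in the Cloudflare dashboard` would make that gap explicit.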