Cloudflare Access

Today NET announced an enhancement to an existing product, Access:

As most of us know, NET is not just a CDN. In this case, they’re building on their network expertise to bring new security products to market. In this offering, they are encroaching on a number of other security players. Essentially, NET will be able to aggregate multiple identity providers and allow you to control access to all your enterprise apps (on premise and in the cloud). A quote from the announcement:

“Access generates a consistent identity from any provider, which we can now extend for SSO purposes to a SaaS application. Even if the application only supports a single identity provider, you can still integrate Cloudflare Access and merge identities across multiple sources. Now, team members who use your Okta instance and contractors who use LinkedIn can both SSO into your Atlassian suite.”

Mentioned above, OKTA is not cut out of the equation completely but they become just one of many other identity providers. Muji (@hhhypergrowth on Twitter) has a nice breakdown here detailing how this might impact OKTA, ZS, and CRWD:…

The really neat thing is that the NET CEO himself replied to that tweet hinting at further enhancements: NET seems to have a product team executing at a very high level right now and a confident CEO.

The way I read it, he is hinting that you may be able to control not only access but permissions to specific apps in a central (Cloudflare) location. Permissions that the app itself may not even be able to grant. If anyone else is doing that type of thing, I’m not aware of it. I’m guessing this will be enabled, again, by Cloudflare’s control over networks.

OT: This is the first time I’ve posted a new topic on the board. I’ve been reading since early July of this year. Very grateful to have found this board and to everyone for the knowledge being shared here.


My first post/reply on this message board!

I also saw the reply from Matthew Prince - it is very cryptic in nature, but intriguing. My guess is that their platform will allow for some granular control on record access, but I think this will have to be handled first by the IAM providers like Okta. Analogy here is CyberArk (and the likes) which provides enhanced OS/App privileges access control which is more granular than the standard OS administrative/root access.

I think both CRWD and OKTA will benefit from the partnership with NET since they will get extra boost from both free and paid customers for the Team service, which prior to that most likely have been using traditional VPN services, and who knows what end point protection. I don’t think NET is trying to become OKTA nor CRWD.


My first post/reply on this message board!

Welcome to the board, rdgyy. Thanks for your post.

Thanks again to Muji for pulling out the Access improvements from what he said looked like simply a branding of group of products they’ve had for close to a year, each of them together doing all of what Zs was offering, and calling it Cloudflare’s One Platform. It was Muji that first explained how NET was doing everything Zs was back then Here,

My question to Rdgyy.
In your post you stated,‘I think this will have to be handled first by the IAM providers like Okta. Analogy here is CyberArk (and the likes) which provides enhanced OS/App privileges access control which is more granular than the standard OS administrative/root access.’

In the tweet, responding to Muji, CEO Prince teased of the possibilities going forward it looked to me as though Cloudflare was looking forward to being the one that will provide this in the near future, if not now.

Is there any particular reason why you think that IAM providers will maintain control of this level of granularity?

Thanks for any clarification you can provide,
Much appreciate you insights,



Hi Jason,

I’ve been following the security space and CloudFlare for a long time (prior to them going IPO).

One of Cloudflare’s principals and focus is to maintain 100% privacy of anything that goes through their services, becoming IAM provider (replacing service like Okta) will contradict that at a high degree. Also Okta is a company with massive number of integrations and becoming the defacto standard for identity provider - don’t see Cloudflare trying to take that away from them. Perhaps Cloudflare is developing fine level of granularity that can be leveraged if the IAM providers connecting to the SaaS providers enhance their APIs. Either way it will be interesting to see how things develop, but again I don’t see Cloudflare taking business from Okta or Crowdstrike.

Yesterday’s additional announcements for enhanced security offering such as domain insights, etc - are extra features that will help them compete better with ZS and traditional IPS/IDS providers such as FTNT, PANW, and Cisco umbrella service.