POST /accounts/{account_id}/access/organizations
Sets up a Zero Trust organization for your account.
Servers
- https://api.cloudflare.com/client/v4
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
account_id |
String | Yes |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
session_duration |
String | No |
The amount of time that tokens issued for applications will be valid. Must be in the format |
user_seat_expiration_inactive_time |
String | No |
The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the user is removed as an active seat and no longer counts against your Teams seat count. Minimum value for this setting is 1 month (730h). Must be in the format |
deny_unmatched_requests_exempted_zone_names[] |
Array | No |
Contains zone names to exempt from the |
mfa_config |
Object | No |
Configures multi-factor authentication (MFA) settings for an organization. |
mfa_config.allowed_authenticators[] |
Array | No |
Lists the MFA methods that users can authenticate with. |
mfa_config.session_duration |
String | No |
Defines the duration of an MFA session. Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days). Examples: |
mfa_configuration_allowed |
Boolean | No |
Indicates if this organization can enforce multi-factor authentication (MFA) requirements at the application and policy level. Default value: false |
auth_domain |
String | Yes |
The unique subdomain assigned to your Zero Trust organization. |
allow_authenticate_via_warp |
Boolean | No |
When set to true, users can authenticate via WARP for any application in your organization. Application settings will take precedence over this value. Default value: false |
is_ui_read_only |
Boolean | No |
Lock all settings as Read-Only in the Dashboard, regardless of user permission. Updates may only be made via the API or Terraform for this account when enabled. Default value: false |
warp_auth_session_duration |
String | No |
The amount of time that tokens issued for applications will be valid. Must be in the format |
ui_read_only_toggle_reason |
String | No |
A description of the reason why the UI read only field is being toggled. |
auto_redirect_to_identity |
Boolean | No |
When set to Default value: false |
deny_unmatched_requests |
Boolean | No |
Determines whether to deny all requests to Cloudflare-protected resources that lack an associated Access application. If enabled, you must explicitly configure an Access application and policy to allow traffic to your Cloudflare-protected resources. For domains you want to be public across all subdomains, add the domain to the |
name |
String | Yes |
The name of your Zero Trust organization. |
login_design |
Object | No | |
login_design.header_text |
String | No |
The text at the top of your login page. |
login_design.background_color |
String | No |
The background color on your login page. |
login_design.logo_path |
String | No |
The URL of the logo on your login page. |
login_design.footer_text |
String | No |
The text at the bottom of your login page. |
login_design.text_color |
String | No |
The text color on your login page. |
mfa_required_for_all_apps |
Boolean | No |
Determines whether global MFA settings apply to applications by default. The organization must have MFA enabled with at least one authentication method and a session duration configured. Default value: false |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.