Cloudflare
Probo reads your Cloudflare account’s members through the Cloudflare API so you can review who has access.
Prerequisites
Section titled “Prerequisites”- Probo organization administrator access
- Membership in the Cloudflare account you want to review, with privileges to grant account-level read permissions (Super Administrator - All Privileges is sufficient; an account Administrator also works)
- The token scoped to include every account whose members should be reviewed (Account Resources set to All accounts or the specific accounts), since Probo only sees accounts the token is authorized for
Collected Fields
Section titled “Collected Fields”| Probo field | Cloudflare field | Notes |
|---|---|---|
| Name | first_name and last_name | Combined into the member’s display name |
email | ||
| Role | roles[].name | Defaults to Member when the member has no roles |
| Admin | roles[].name | Flagged as an administrator when a role is Super Administrator - All Privileges or Administrator |
| Status | status | A member is active when status is accepted |
| MFA | two_factor_authentication_enabled | Whether two-factor authentication is enabled for the member |
| Last login | Not supported | |
| External ID | id | Stable identifier used to track the account across reviews |
| Created at | Not supported |
Step 1: Create an API Token
Section titled “Step 1: Create an API Token”
- In the Cloudflare dashboard, go to My Profile > API Tokens > Create Token, then choose Get started under Custom token.
- Name it (e.g.
Probo Access Review), add the permission Account > Account Settings > Read, and set Account Resources to Include > All accounts (or the specific accounts to review). Read access is enough, since Probo only issues read requests. - Create the token, then copy it and store it securely. It’s shown only once.
Step 2: Connect in Probo
Section titled “Step 2: Connect in Probo”- In Probo, go to Access Reviews > Sources > Add Source.
- Find Cloudflare, click API Key, paste the token, and click Connect.
Probo names the source after your first Cloudflare account and pulls its members into your campaigns.
Troubleshooting
Section titled “Troubleshooting”- Token rejected. Confirm it’s a scoped API Token with Account Settings: Read permission. A Global API Key won’t work, because it uses
X-Auth-EmailandX-Auth-Keyheaders instead ofAuthorization: Bearer. - No members appear. The token must be scoped to include the account you’re reviewing (Account Resources), and its creator must be a member of that account with permission to read the account’s membership.