Skip to content About The people and vision powering Probo Blog The latest news from Probo Stories Hear from our customers Changelog Latest product updates Docs Documentation for Probo GitHub Explore our open-source compliance tools

Cloudflare

Probo reads your Cloudflare account’s members through the Cloudflare API so you can review who has access.

  • Probo organization administrator access
  • Membership in the Cloudflare account you want to review, with privileges to grant account-level read permissions (Super Administrator - All Privileges is sufficient; an account Administrator also works)
  • The token scoped to include every account whose members should be reviewed (Account Resources set to All accounts or the specific accounts), since Probo only sees accounts the token is authorized for
Probo fieldCloudflare fieldNotes
Namefirst_name and last_nameCombined into the member’s display name
Emailemail
Roleroles[].nameDefaults to Member when the member has no roles
Adminroles[].nameFlagged as an administrator when a role is Super Administrator - All Privileges or Administrator
StatusstatusA member is active when status is accepted
MFAtwo_factor_authentication_enabledWhether two-factor authentication is enabled for the member
Last loginNot supported
External IDidStable identifier used to track the account across reviews
Created atNot supported

Creating a custom API token in the Cloudflare dashboard

  1. In the Cloudflare dashboard, go to My Profile > API Tokens > Create Token, then choose Get started under Custom token.
  2. Name it (e.g. Probo Access Review), add the permission Account > Account Settings > Read, and set Account Resources to Include > All accounts (or the specific accounts to review). Read access is enough, since Probo only issues read requests.
  3. Create the token, then copy it and store it securely. It’s shown only once.
  1. In Probo, go to Access Reviews > Sources > Add Source.
  2. Find Cloudflare, click API Key, paste the token, and click Connect.

Probo names the source after your first Cloudflare account and pulls its members into your campaigns.

  • Token rejected. Confirm it’s a scoped API Token with Account Settings: Read permission. A Global API Key won’t work, because it uses X-Auth-Email and X-Auth-Key headers instead of Authorization: Bearer.
  • No members appear. The token must be scoped to include the account you’re reviewing (Account Resources), and its creator must be a member of that account with permission to read the account’s membership.