Skip to contentAboutThe people and vision powering ProboBlogThe latest news from ProboStoriesHear from our customersChangelogLatest product updatesDocsDocumentation for ProboGitHubExplore our open-source compliance tools

Cloudflare

Probo reads your Cloudflare account’s members through the Cloudflare API so you can review who has access.

  • Probo organization administrator access
  • Membership in the Cloudflare account you want to review, with privileges to grant account-level read permissions (Super Administrator - All Privileges is sufficient; an account Administrator also works)
  • The token scoped to include every account whose members should be reviewed (Account Resources set to All accounts or the specific accounts), since Probo only sees accounts the token is authorized for
Probo field Cloudflare field Notes
Name first_name and last_name Combined into the member’s display name
Email email
Role roles[].name Defaults to Member when the member has no roles
Admin roles[].name Flagged as an administrator when a role is Super Administrator - All Privileges or Administrator
Status status A member is active when status is accepted
MFA two_factor_authentication_enabled Whether two-factor authentication is enabled for the member
Last login Not supported
External ID id Stable identifier used to track the account across reviews
Created at Not supported

Creating a custom API token in the Cloudflare dashboard

  1. In the Cloudflare dashboard, go to My Profile > API Tokens > Create Token, then choose Get started under Custom token.
  2. Name it (e.g. Probo Access Review), add the permission Account > Account Settings > Read, and set Account Resources to Include > All accounts (or the specific accounts to review). Read access is enough, since Probo only issues read requests.
  3. Create the token, then copy it and store it securely. It’s shown only once.
  1. In Probo, go to Access Reviews > Sources > Add Source.
  2. Find Cloudflare, click API Key, paste the token, and click Connect.

Probo names the source after your first Cloudflare account and pulls its members into your campaigns.

  • Token rejected. Confirm it’s a scoped API Token with Account Settings: Read permission. A Global API Key won’t work, because it uses X-Auth-Email and X-Auth-Key headers instead of Authorization: Bearer.
  • No members appear. The token must be scoped to include the account you’re reviewing (Account Resources), and its creator must be a member of that account with permission to read the account’s membership.