Skip to content

[CF1] Refine UI instructions #26642

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Nov 20, 2025
Merged

[CF1] Refine UI instructions #26642

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
4d58e10
Edit Custom pages
maxvp Nov 19, 2025
4938a15
Add examples
maxvp Nov 19, 2025
ee95862
Update In Zero Trust instances and corresponding UI
maxvp Nov 19, 2025
8c24447
Update Firewall policy partials
maxvp Nov 19, 2025
76cbf74
Add other instances of Zero Trust and old UI
maxvp Nov 20, 2025
45620d1
Merge branch 'production' into max/zt/refine-cf1-instructions
maxvp Nov 20, 2025
c6d0dbc
Update Certs and downloads
maxvp Nov 20, 2025
f9178b0
Merge remote-tracking branch 'refs/remotes/origin/max/zt/refine-cf1-i…
maxvp Nov 20, 2025
919d4f6
Apply suggestions from code review
maxvp Nov 20, 2025
bde375d
Apply suggestions from code review
maxvp Nov 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions src/content/changelog/cloudflare-one/cf1-data-security-analytics-v1.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,20 +7,20 @@ products:
- casb
---

Zero Trust now includes **Data security analytics**, providing you with unprecedented visibility into your organization sensitive data.
Zero Trust now includes **Data security analytics**, providing you with unprecedented visibility into your organization sensitive data.

The new dashboard includes:

* **Sensitive Data Movement Over Time:**
- See patterns and trends in how sensitive data moves across your environment. This helps understand where data is flowing and identify common paths.
- **Sensitive Data Movement Over Time:**
- See patterns and trends in how sensitive data moves across your environment. This helps understand where data is flowing and identify common paths.

* **Sensitive Data at Rest in SaaS & Cloud:**
- View an inventory of sensitive data stored within your corporate SaaS applications (for example, Google Drive, Microsoft 365) and cloud accounts (such as AWS S3).
- **Sensitive Data at Rest in SaaS & Cloud:**
- View an inventory of sensitive data stored within your corporate SaaS applications (for example, Google Drive, Microsoft 365) and cloud accounts (such as AWS S3).

* **DLP Policy Activity:**
- Identify which of your Data Loss Prevention (DLP) policies are being triggered most often.
- See which specific users are responsible for triggering DLP policies.
- **DLP Policy Activity:**
- Identify which of your Data Loss Prevention (DLP) policies are being triggered most often.
- See which specific users are responsible for triggering DLP policies.

![Data Security Analytics](~/assets/images/changelog/cloudflare-one/cf1-data-security-analytics-v1.png)

To access the new dashboard, log in to [Zero Trust](https://one.dash.cloudflare.com/) and go to **Analytics** on the sidebar.
To access the new dashboard, log in to [Cloudflare One](https://one.dash.cloudflare.com/) and go to **Insights** on the sidebar.
12 changes: 5 additions & 7 deletions ...angelog/cloudflare-one/new-cloudflare-one-navigation-and-product-experience.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,12 @@ There is a new guided experience on login detailing the changes, and you can use
![Cloudflare One Dash Changes](~/assets/images/changelog/cloudflare-one/cf1-dash-changes.png)

Notable changes
- Product names have been removed from many top-level navigation items to help bring clarity to what they help you accomplish. For example, you can find Gateway policies under ‘Traffic policies’ and CASB findings under ‘Cloud & SaaS findings.’
- You can view all analytics, logs, and real-time monitoring tools from ‘Insights.’
- ‘Networks’ better maps the ways that your corporate network interacts with Cloudflare. Some pages like Tunnels, are now a tab rather than a full page as part of these changes. You can find them at Networks > Connectors.
- Settings are now located closer to the tools and resources they impact. For example, this means you’ll find your WARP configurations at Team & Resources > Devices.

- Product names have been removed from many top-level navigation items to help bring clarity to what they help you accomplish. For example, you can find Gateway policies under ‘Traffic policies' and CASB findings under ‘Cloud & SaaS findings.'
- You can view all analytics, logs, and real-time monitoring tools from ‘Insights.'
- ‘Networks' better maps the ways that your corporate network interacts with Cloudflare. Some pages like Tunnels, are now a tab rather than a full page as part of these changes. You can find them at Networks > Connectors.
- Settings are now located closer to the tools and resources they impact. For example, this means you'll find your WARP configurations at Team & Resources > Devices.

![New Cloudflare One Navigation](~/assets/images/changelog/cloudflare-one/new-cf1-navigation.png)

No changes to our API endpoint structure or to any backend services have been made as part of this effort.



12 changes: 5 additions & 7 deletions src/content/docs/analytics/analytics-integrations/sentinel.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ pcx_content_type: how-to
title: Sentinel
sidebar:
order: 105

---

import { Details } from "~/components";
Expand All @@ -30,9 +29,10 @@ This guide provides clear, step-by-step instructions for integrating Cloudflare
3. Select **Create Logpush Job**. Choose the log type you want to export (for example, **HTTP requests**).
4. For the destination, select **Azure Blob Storage**.
5. Enter your Azure Blob Storage details:
- SAS Token (Shared Access Signature)
- SAS Token (Shared Access Signature)

To generate a SAS token from the Azure portal, first navigate to your storage account. Under the **Data Storage** section, select **Containers** and choose the relevant container. Within the settings, locate and select **Shared access signature**. Configure the required permissions, such as `write` and `create`, and specify the start and expiration dates for the token. Once configured, generate the SAS token accordingly.

To generate a SAS token from the Azure portal, first navigate to your storage account. Under the **Data Storage** section, select **Containers** and choose the relevant container. Within the settings, locate and select **Shared access signature**. Configure the required permissions, such as `write` and `create`, and specify the start and expiration dates for the token. Once configured, generate the SAS token accordingly.
6. Save and activate the Logpush job.

For complete details, refer to the [Cloudflare Logpush to Azure documentation](/logs/logpush/logpush-job/enable-destinations/azure/).
Expand Down Expand Up @@ -290,10 +290,8 @@ SecurityRuleDescription<br />

</Details>

## Resources
## Resources

[Download Cloudflare's CCF Sentinel Solution](https://marketplace.microsoft.com/en-us/product/azure-application/cloudflare.azure-sentinel-solution-cloudflare-ccf?tab=Overview)<br />
[Microsoft Data Lake Overview](https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-overview)<br />
[Microsoft Data Lake Overview](https://learn.microsoft.com/en-us/azure/sentinel/datalake/sentinel-lake-overview)<br />
[About the CCF Platform](https://learn.microsoft.com/en-us/azure/sentinel/create-codeless-connector)


18 changes: 9 additions & 9 deletions ...flare-one/access-controls/applications/http-apps/authorization-cookie/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,20 +34,20 @@ The following Access cookies are essential to Access functionality. Cookies that

### CF_Authorization (team domain)

| Details | Expiration | HttpOnly | SameSite | Required? |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------- | --------- |
| Details | Expiration | HttpOnly | SameSite | Required? |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------- | --------- |
| [JSON web token (JWT)](/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/#access-jwts) set on the `cloudflareaccess.com` [team domain](/cloudflare-one/faq/getting-started-faq/#what-is-a-team-domainteam-name) that contains the user's identity and enables Access to perform single sign-on (SSO) | <details><summary>View</summary>If set, adheres to [global session duration](/cloudflare-one/access-controls/access-settings/session-management/#global-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/access-controls/access-settings/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Yes | None | Required |

### CF_Authorization (Access application domain)

| Details | Expiration | HttpOnly | SameSite | Required? |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------- | --------- |
| Details | Expiration | HttpOnly | SameSite | Required? |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------- | --------- |
| [JSON web token (JWT)](/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/#access-jwts) set on the domain protected by Access that allows Access to confirm that the user has been authenticated and is authorized to reach the origin | <details><summary>View</summary>If set, adheres to [policy session duration](/cloudflare-one/access-controls/access-settings/session-management/#policy-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/access-controls/access-settings/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Admin choice (Default: None) | Admin choice (Default: None) | Required |

### CF_Binding

| Details | Expiration | HttpOnly | SameSite | Required? |
| ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------- | --------- |
| Details | Expiration | HttpOnly | SameSite | Required? |
| ---------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -------- | --------- |
| Refer to [Binding cookie](/cloudflare-one/access-controls/applications/http-apps/authorization-cookie/#binding-cookie) | <details><summary>View</summary>If set, adheres to [policy session duration](/cloudflare-one/access-controls/access-settings/session-management/#policy-session-duration).<br/><br/>If not, adheres to [application session duration](/cloudflare-one/access-controls/access-settings/session-management/#application-session-duration).<br/><br/>If neither are set, defaults to 24 hours.</details> | Yes | None | Optional |

### CF_Session
Expand All @@ -64,8 +64,8 @@ The following Access cookies are essential to Access functionality. Cookies that

### CF_Device

| Details | Expiration | HttpOnly | SameSite | Required? |
| ----------------------------------------------------------------------------------------------------------------------------------- | ---------- | -------- | -------- | --------- |
| Details | Expiration | HttpOnly | SameSite | Required? |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | -------- | -------- | --------- |
| Cookie used to help prevent abuse of the [Access OTP flow](https://developers.cloudflare.com/cloudflare-one/integrations/identity-providers/one-time-pin/) | 30 days | Yes | Strict | Required |

## Cookie settings
Expand Down Expand Up @@ -124,7 +124,7 @@ Do not enable `HttpOnly` if:

### Binding cookie

The binding cookie (`CF_Binding`) is an optional cookie issued when a user successfully authenticates. The binding cookie is sent by the users browser and tied to a specific applications `CF_Authorization` cookie. This cookie is stripped at Cloudflare's edge and never forwarded to the origin server.
The binding cookie (`CF_Binding`) is an optional cookie issued when a user successfully authenticates. The binding cookie is sent by the user's browser and tied to a specific application's `CF_Authorization` cookie. This cookie is stripped at Cloudflare's network and never forwarded to the origin server.

Binding cookies protect users' `CF_Authorization` cookies from possible malicious origins. If a request arrives to Cloudflare's network without the expected binding cookie, Cloudflare rejects the `CF_Authorization` cookie.

Expand Down
Loading
Loading