Updates a configured Access group.
/accounts/{identifier}/access/groups/{uuid}
put
Access groups
access-groups-update-an-access-group
null null [
{
"in": "path",
"name": "uuid",
"required": true,
"schema": {
"description": "UUID",
"example": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"maxLength": 36,
"readOnly": true,
"type": "string"
}
},
{
"in": "path",
"name": "identifier",
"required": true,
"schema": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
}
}
] {
"content": {
"application/json": {
"schema": {
"properties": {
"exclude": {
"description": "Rules evaluated with a NOT logical operator. To match a policy, a user cannot meet any of the Exclude rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Matches an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a GitHub organization.\nRequires a GitHub identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your GitHub identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforces different MFA options.",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The type of authentication method, given as an Authentication Method Reference (amr) value from RFC 8176: https://datatracker.ietf.org/doc/html/rfc8176.",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces that a device posture rule has run successfully.",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"include": {
"description": "Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Matches an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a GitHub organization.\nRequires a GitHub identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your GitHub identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforces different MFA options.",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The type of authentication method, given as an Authentication Method Reference (amr) value from RFC 8176: https://datatracker.ietf.org/doc/html/rfc8176.",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces that a device posture rule has run successfully.",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"is_default": {
"description": "Whether this is the default group",
"type": "boolean"
},
"name": {
"description": "The name of the Access group.",
"example": "Allow devs",
"type": "string"
},
"require": {
"description": "Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Matches an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a GitHub organization.\nRequires a GitHub identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your GitHub identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforces different MFA options.",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The type of authentication method, given as an Authentication Method Reference (amr) value from RFC 8176: https://datatracker.ietf.org/doc/html/rfc8176.",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces that a device posture rule has run successfully.",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
}
},
"required": [
"name",
"include"
]
}
}
},
"required": true
} {
"200": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"anyOf": [
{
"type": "object"
},
{
"type": "string"
}
]
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"properties": {
"created_at": {
"example": "2014-01-01T05:20:00.12345Z",
"format": "date-time",
"readOnly": true,
"type": "string"
},
"exclude": {
"description": "Rules evaluated with a NOT logical operator. To match a policy, a user cannot meet any of the Exclude rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Matches an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a GitHub organization.\nRequires a GitHub identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your GitHub identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforce different MFA options",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The authentication method type, as an Authentication Method Reference (amr) value from RFC 8176 (https://datatracker.ietf.org/doc/html/rfc8176).",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces that a device posture rule has run successfully.",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"id": {
"description": "UUID",
"example": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"maxLength": 36,
"readOnly": true,
"type": "string"
},
"include": {
"description": "Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Match an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a GitHub organization.\nRequires a GitHub identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your GitHub identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforce different MFA options",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The authentication method type, as an Authentication Method Reference (amr) value from RFC 8176 (https://datatracker.ietf.org/doc/html/rfc8176).",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces that a device posture rule has run successfully.",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"is_default": {
"description": "Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Match an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a GitHub organization.\nRequires a GitHub identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your GitHub identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforce different MFA options",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The authentication method type, as an Authentication Method Reference (amr) value from RFC 8176 (https://datatracker.ietf.org/doc/html/rfc8176).",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces that a device posture rule has run successfully.",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"name": {
"description": "The name of the Access group.",
"example": "Allow devs",
"type": "string"
},
"require": {
"description": "Rules evaluated with an AND logical operator. To match a policy, a user must meet all of the Require rules.",
"items": {
"oneOf": [
{
"description": "Matches a specific email.",
"properties": {
"email": {
"properties": {
"email": {
"description": "The email of the user.",
"example": "test@example.com",
"format": "email",
"type": "string"
}
},
"required": [
"email"
],
"type": "object"
}
},
"required": [
"email"
],
"title": "Email",
"type": "object"
},
{
"description": "Matches an email address from a list.",
"properties": {
"email_list": {
"properties": {
"id": {
"description": "The ID of a previously created email list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"email_list"
],
"title": "Email list",
"type": "object"
},
{
"description": "Match an entire email domain.",
"properties": {
"email_domain": {
"properties": {
"domain": {
"description": "The email domain to match.",
"example": "example.com",
"type": "string"
}
},
"required": [
"domain"
],
"type": "object"
}
},
"required": [
"email_domain"
],
"title": "Email domain",
"type": "object"
},
{
"description": "Matches everyone.",
"properties": {
"everyone": {
"description": "An empty object which matches on all users.",
"example": {},
"type": "object"
}
},
"required": [
"everyone"
],
"title": "Everyone",
"type": "object"
},
{
"description": "Matches an IP address block.",
"properties": {
"ip": {
"properties": {
"ip": {
"description": "An IPv4 or IPv6 CIDR block.",
"example": "2400:cb00:21:10a::/64",
"type": "string"
}
},
"required": [
"ip"
],
"type": "object"
}
},
"required": [
"ip"
],
"title": "IP ranges",
"type": "object"
},
{
"description": "Matches an IP address from a list.",
"properties": {
"ip_list": {
"properties": {
"id": {
"description": "The ID of a previously created IP list.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"ip_list"
],
"title": "IP list",
"type": "object"
},
{
"description": "Matches any valid client certificate.",
"example": {
"certificate": {}
},
"properties": {
"certificate": {
"example": {},
"type": "object"
}
},
"required": [
"certificate"
],
"title": "Valid certificate",
"type": "object"
},
{
"description": "Matches an Access group.",
"properties": {
"group": {
"properties": {
"id": {
"description": "The ID of a previously created Access group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id"
],
"type": "object"
}
},
"required": [
"group"
],
"title": "Access groups",
"type": "object"
},
{
"description": "Matches an Azure group.\nRequires an Azure identity provider.",
"properties": {
"azureAD": {
"properties": {
"connection_id": {
"description": "The ID of your Azure identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"id": {
"description": "The ID of an Azure group.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"id",
"connection_id"
],
"type": "object"
}
},
"required": [
"azureAD"
],
"title": "Azure group",
"type": "object"
},
{
"description": "Matches a GitHub organization.\nRequires a GitHub identity provider.",
"properties": {
"github-organization": {
"properties": {
"connection_id": {
"description": "The ID of your GitHub identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"name": {
"description": "The name of the organization.",
"example": "cloudflare",
"type": "string"
}
},
"required": [
"name",
"connection_id"
],
"type": "object"
}
},
"required": [
"github-organization"
],
"title": "Github organization",
"type": "object"
},
{
"description": "Matches a group in Google Workspace.\nRequires a Google Workspace identity provider.",
"properties": {
"gsuite": {
"properties": {
"connection_id": {
"description": "The ID of your Google Workspace identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Google Workspace group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"gsuite"
],
"title": "Google Workspace group",
"type": "object"
},
{
"description": "Matches an Okta group.\nRequires an Okta identity provider.",
"properties": {
"okta": {
"properties": {
"connection_id": {
"description": "The ID of your Okta identity provider.",
"example": "ea85612a-29c8-46c2-bacb-669d65136971",
"type": "string"
},
"email": {
"description": "The email of the Okta group.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"email",
"connection_id"
],
"type": "object"
}
},
"required": [
"okta"
],
"title": "Okta group",
"type": "object"
},
{
"description": "Matches a SAML group.\nRequires a SAML identity provider.",
"properties": {
"saml": {
"properties": {
"attribute_name": {
"description": "The name of the SAML attribute.",
"example": "group",
"type": "string"
},
"attribute_value": {
"description": "The SAML attribute value to look for.",
"example": "devs@cloudflare.com",
"type": "string"
}
},
"required": [
"attribute_name",
"attribute_value"
],
"type": "object"
}
},
"required": [
"saml"
],
"title": "SAML group",
"type": "object"
},
{
"description": "Matches a specific Access Service Token",
"properties": {
"service_token": {
"properties": {
"token_id": {
"description": "The ID of a Service Token.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"token_id"
],
"type": "object"
}
},
"required": [
"service_token"
],
"title": "Service Token",
"type": "object"
},
{
"description": "Matches any valid Access Service Token",
"properties": {
"any_valid_service_token": {
"description": "An empty object which matches on all service tokens.",
"example": {},
"type": "object"
}
},
"required": [
"any_valid_service_token"
],
"title": "Any Valid Service Token",
"type": "object"
},
{
"description": "Create Allow or Block policies which evaluate the user based on custom criteria.",
"properties": {
"external_evaluation": {
"properties": {
"evaluate_url": {
"description": "The API endpoint containing your business logic.",
"example": "https://eval.example.com",
"type": "string"
},
"keys_url": {
"description": "The API endpoint containing the key that Access uses to verify that the response came from your API.",
"example": "https://eval.example.com/keys",
"type": "string"
}
},
"required": [
"evaluate_url",
"keys_url"
],
"type": "object"
}
},
"required": [
"external_evaluation"
],
"title": "External Evaluation",
"type": "object"
},
{
"description": "Matches a specific country",
"properties": {
"geo": {
"properties": {
"country_code": {
"description": "The country code that should be matched.",
"example": "US",
"type": "string"
}
},
"required": [
"country_code"
],
"type": "object"
}
},
"required": [
"geo"
],
"title": "Country",
"type": "object"
},
{
"description": "Enforce different MFA options",
"properties": {
"auth_method": {
"properties": {
"auth_method": {
"description": "The authentication method type, as an Authentication Method Reference (amr) value from RFC 8176 (https://datatracker.ietf.org/doc/html/rfc8176).",
"example": "mfa",
"type": "string"
}
},
"required": [
"auth_method"
],
"type": "object"
}
},
"required": [
"auth_method"
],
"title": "Authentication method",
"type": "object"
},
{
"description": "Enforces that a device posture rule has run successfully.",
"properties": {
"device_posture": {
"properties": {
"integration_uid": {
"description": "The ID of a device posture integration.",
"example": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f",
"type": "string"
}
},
"required": [
"integration_uid"
],
"type": "object"
}
},
"required": [
"device_posture"
],
"title": "Device Posture",
"type": "object"
}
],
"type": "object"
},
"type": "array"
},
"updated_at": {
"example": "2014-01-01T05:20:00.12345Z",
"format": "date-time",
"readOnly": true,
"type": "string"
}
},
"type": "object"
}
}
}
]
}
}
},
"description": "Update an Access group response"
},
"4XX": {
"content": {
"application/json": {
"schema": {
"properties": {
"errors": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": [
{
"code": 7003,
"message": "No route for the URI"
}
],
"minLength": 1
},
"messages": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": []
},
"result": {
"enum": [
null
],
"nullable": true,
"type": "object"
},
"success": {
"description": "Whether the API call was successful",
"enum": [
false
],
"example": false,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
}
}
},
"description": "Update an Access group response failure"
}
} [
{
"api_email": [],
"api_key": []
}
]