Adding domain level account for a client to access their domain?

I work for an MSP and we manage multiple clients' DNS through a single overarching Cloudflare account.

Is it possible for me to set up a Domain level account for an external client to be able to log in and access only their DNS?

If so, where is this set up?


If you are not an Enterprise customer, the answer is definitely “You can’t do that.” Sharing of account access is always at full admin level which generally means the customer can do anything to any domain in the account.

You can review the subtle differences in permissions between the super-admin and admin accounts in the Cloudflare online documentation.

API access can be scoped and limited, but the customer would need to be comfortable using the Cloudflare API.

If your customer who wants DNS access had their own Cloudflare account, your MSP Cloudflare account(s) could be invited to join the customer’s team.

I realize that there are potentially some situations where an MSP customer may have a legitimate need to access their DNS, but typically an MSP client should be requesting all DNS changes through proper support channels to prevent Bad Things™ and to provide a documentation trail.
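
The answer above notes that API access can be scoped. As an added example (not part of the original posts, and not Cloudflare's own code), this check audits a token's policies before the token is handed to a client, so a token that reaches beyond the client's zone or DNS permissions is caught first. It assumes the policy layout of Cloudflare API tokens (`effect`, `resources`, `permission_groups`); the zone ID, the allowed permission names and the sample policies are constructed placeholders.

```python
# Added example: audit an API token's policies before giving it to a client.
ZONE_PREFIX = "com.cloudflare.api.account.zone."

# Assumption: permission group names the MSP is willing to delegate.
ALLOWED_PERMISSIONS = {"DNS Read", "DNS Write", "Zone Read"}


def audit_token_policies(policies, client_zone_id, allowed=ALLOWED_PERMISSIONS):
    """Return a list of findings; an empty list means every allow policy is
    limited to the client's zone and to the allowed permission groups."""
    findings = []
    expected = ZONE_PREFIX + client_zone_id
    allow_policies = [p for p in policies if p.get("effect") == "allow"]
    if not allow_policies:
        findings.append("token has no allow policy")
    for index, policy in enumerate(allow_policies):
        resources = policy.get("resources") or {}
        if not resources:
            findings.append(f"policy {index}: no resources listed")
        for resource in resources:
            # Anything other than the exact zone key (account-wide keys,
            # zone wildcards, other clients' zones) is out of scope.
            if resource != expected:
                findings.append(f"policy {index}: resource outside client zone: {resource}")
        for group in policy.get("permission_groups", []):
            name = group.get("name", "<unnamed>")
            if name not in allowed:
                findings.append(f"policy {index}: unexpected permission: {name}")
    return findings


# Constructed sample data: placeholder zone ID and two candidate tokens.
CLIENT_ZONE = "0123456789abcdef0123456789abcdef"
SCOPED_TOKEN = [{
    "effect": "allow",
    "resources": {ZONE_PREFIX + CLIENT_ZONE: "*"},
    "permission_groups": [{"name": "DNS Read"}, {"name": "DNS Write"}],
}]
BROAD_TOKEN = [{
    "effect": "allow",
    "resources": {ZONE_PREFIX + "*": "*"},  # every zone in the account
    "permission_groups": [{"name": "DNS Write"}, {"name": "Zone Settings Write"}],
}]

if __name__ == "__main__":
    for label, token in (("scoped", SCOPED_TOKEN), ("broad", BROAD_TOKEN)):
        print(label, audit_token_policies(token, CLIENT_ZONE) or "OK")
```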