Help with a Confuddled Accounts Setup

Hi there,

We have two domains:

  • [domain1.com] – which is on the paid Cloudflare Access plan as we require automated services authentication
  • [domain2.com] – which is on the free Cloudflare Access plan to take advantage of the 50 free users

There are three accounts controlling these domains:

We now have the need to have one shared API key between them for a Devops configuration. Therefore, we now need to change from the above setup to:

  • One single account ([[email protected]]) having Super Admin access rights of both domains ([domain1.com] and [domain2.com])
  • Put both domains ([domain1.com] and [domain2.com] on the paid Cloudflare Access plan
  • Remove accounts [[email protected]] and [[email protected]] from the setup

We’ve tried to change the email of [[email protected]] to become [[email protected]] but received error code:

“Unable to update email. Email already in use (Code: 1057)”

Because of this we assumed the same thing would happen if we tried to change the email of [[email protected]] to [[email protected]]

From this advice we know that we need to use the following process to change the Super Administrator:

  1. change [[email protected]] account to [[email protected]], then
  2. change [[email protected]] to [[email protected]], and
  3. finally change [[email protected]] to [[email protected]].

In our case, does this mean that we need to change [[email protected]] to [[email protected]] and remove it from being the Super Administrator of [domain1.com] and Administrator of [domain2.com]? Or do we change [[email protected]] to [[email protected]] and remove it from being the Super Administrator of [domain2.com]?

This is becoming mind-boggling for us – we would greatly appreciate some assistance on the steps required to achieve the above goal :slightly_smiling_face:

Thank you in advance!
Kind regards

1 Like

That is a lot of detail, @cf-pwa thank you. Unfortunately, I suspect the detail is what led to no replies on the topic :frowning:

You understand the basic steps of changing super admin and I suspect you can simplify the task by focusing on getting both domains in one account, first. From there you can change roles without the two account variable. I’d start by adding the free domain to the account with the paid plan, change the nameservers for the zone on the free plan to the two on the paid plan, delete the zone/domain from the free account. I imagine you’ll need to post back and have us purge the zone from the old account and you’ll most likely have downtime on that account while the cut over is happening. Maybe @MVP can offer a more elegant/simpler approach?

Hi @cloonan and thanks for your reply :slightly_smiling_face:

This is what I’ve attempted as per the basic steps of changing super admin from [[email protected]] to [[email protected]]:

This hasn’t solved the issue – rather just swapped [[email protected]] and [[email protected]] – so that [[email protected]] is now the Super Administrator of [domain2.com] and [[email protected]] is now the Super Administrator of [domain1.com].

This approach hasn’t seem to have worked – is there any way to do this that doesn’t involve a complete tear down and rebuild from one account to the other? We have a lot of DNS and Access rules on both accounts and wouldn’t want to break them due to potential human error in migration.

––

I have a few ideas:

1 – What if I was to remove all members from [domain1.com] except for [[email protected]] and [[email protected]] – and then delete [[email protected]]'s account? Would the Super Administrator then fall back to [[email protected]] (as it’s now the only member)?

2 – I notice that the guide says:

“Enterprise users can have multiple Super Administrators associated with their accounts.”

Perhaps Cloudflare support could temporarily put us to an Enterprise plan to enable us to add [[email protected]] as a Super Administrator of [domain1.com] and then remove [[email protected]]? And then downgrade us back after it’s done? That seems like the easiest method, if it’s at all possible.

Looking forward to your reply.
Kind regards

Is the end goal to move a domain from one account to another?

If that is the case, the process is essentially to add it to the “primary” account, recreate all the settings, and then change the nameservers. If you copy the settings correctly, this should be hitless.

1 Like

Is there any way to do this that doesn’t involve recreating all of the settings? We have a lot of DNS and Access rules on both accounts and wouldn’t want to break them due to potential human error in migration.

Hi @cf-pwa,

We apologize, but support would not be able to upgrade an account to Enterprise, then downgrade the account once an email is changed.

The best option would be to do what @michael suggested with adding the site to the primary account and changing the nameservers. If you are worried about losing settings, you could use the API to export the settings on one site (zone) and import them into the new site (zone).

https://api.cloudflare.com

One thing to note, anytime you delete a user profile on Cloudflare, you are not able to use that email again in Cloudflare for up to 1 year. This method would also not automatically upgrade a member to Super Admin from Admin once the super admin is removed.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.