Using Okta, Azure, GitHub or Google Group selector with SSH with Access for Infrastructure resulting in users having unauthorized access to infrastructure targets

system · December 13, 2024, 9:32pm

Dec 14, 08:58 UTC
Resolved - This incident has been resolved.

Dec 14, 08:52 UTC
Monitoring - A fix has been implemented and we are monitoring the results.

Dec 13, 22:24 UTC
Identified - The issue has been identified and a fix is being implemented.

Dec 13, 21:20 UTC
Investigating - When an Okta, Azure, GitHub or Google Group selector is used, all SSH policies will match to users having unauthorized access to infrastructure targets. Users must still pass all other components of the policy. Infrastructure Access applications without the affected Group Selectors and all other Access application types are not impacted.

This is a companion discussion topic for the original entry at https://www.cloudflarestatus.com/incidents/4g5mdg35j1c6

system · December 14, 2024, 9:32pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare Access + Okta SAML groups Access CloudflareTunnel	8	2321	September 23, 2022
Only seeing one idp group in selector list Zero Trust	0	923	May 19, 2023
Okta groups and Cloudflare dashboard access General	4	2391	March 19, 2022
Gateway selector in access policy rule not eligible Gateway CloudflareTunnel	5	1625	October 12, 2022
BUGs: Gateway+WARP can't block by GroupID, GroupName Gateway	7	2700	January 4, 2022

Using Okta, Azure, GitHub or Google Group selector with SSH with Access for Infrastructure resulting in users having unauthorized access to infrastructure targets

Related topics