Hello all,
I have been experimenting with the Cloudflare GUI in the early stages of my setup, and gradually replacing it with Terraform.
I have two active tunnels and maybe 10 deleted tunnels, which can be seen using the CLI command “cloudflared tunnel list -d”.
I previously had per-tunnel Azure AD login methods defined using this block:
resource "cloudflare_access_identity_provider" "aad" {
  zone_id = data.cloudflare_zone.this.id
  name    = "Azure AD"
  type    = "azureAD"
  config {
    client_id     = data.hcp_vault_secrets_app.cloudflare.secrets.aadclientid
    client_secret = data.hcp_vault_secrets_app.cloudflare.secrets.aadclientsecret
    directory_id  = data.hcp_vault_secrets_app.cloudflare.secrets.aaddirectoryid
  }
}
…except when testing an app defined in one of the tunnels I saw not 2 but 3 choices when connecting under the “Sign in with:” banner. That is, it seems I have 3 IdP configs defined rather than the 2 I was expecting.
When I change the Terraform to remove the per-tunnel definitions, I’m still left with 1.
How do I find where that’s defined? Looking at the docs it seems I can define access_identity_provider resources either by associating them with a zone or with an account:
https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_identity_provider
So maybe my question should be: where in the GUI do I find account-scoped access_identity_provider definitions?
Thanks!