OIDC Claims filtering now available in Gateway Firewall, Resolver, and Egress policies
Cloudflare Gateway now supports OIDC Claims as a selector in Firewall, Resolver, and Egress policies. Administrators can use custom OIDC claims from their identity provider to build fine-grained, identity-based traffic policies across all Gateway policy types.
With this update, you can:
- Filter traffic in DNS, HTTP, and Network firewall policies based on OIDC claim values.
- Apply custom resolver policies to route DNS queries to specific resolvers depending on a user's OIDC claims.
- Use egress policies to assign dedicated egress IPs based on OIDC claim attributes.
For example, you can create a policy that routes traffic differently for users with department=engineering in their OIDC claims, or restrict access to certain destinations based on a user's role claim.
To get started, configure custom OIDC claims on your identity provider and use the OIDC Claims selector in the Gateway policy builder.
For more information, refer to Identity-based policies.