{"id":313,"date":"2026-03-24T00:00:00","date_gmt":"2026-03-24T00:00:00","guid":{"rendered":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/03\/24\/gateway-oidc-claims-filtering-now-available-in-gateway-firewall-resolver-and-egress-policies\/"},"modified":"2026-03-24T00:00:00","modified_gmt":"2026-03-24T00:00:00","slug":"gateway-oidc-claims-filtering-now-available-in-gateway-firewall-resolver-and-egress-policies","status":"publish","type":"post","link":"https:\/\/wordpress.securinsight.ca\/index.php\/2026\/03\/24\/gateway-oidc-claims-filtering-now-available-in-gateway-firewall-resolver-and-egress-policies\/","title":{"rendered":"Gateway &#8211; OIDC Claims filtering now available in Gateway Firewall, Resolver, and Egress policies"},"content":{"rendered":"<p>Cloudflare Gateway now supports <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/traffic-policies\/identity-selectors\/#oidc-claims\">OIDC Claims<\/a> as a selector in Firewall, Resolver, and Egress policies. Administrators can use custom OIDC claims from their identity provider to build fine-grained, identity-based traffic policies across all Gateway policy types.<\/p>\n<p>With this update, you can:<\/p>\n<ul>\n<li>Filter traffic in <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/traffic-policies\/dns-policies\/\">DNS<\/a>, <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/traffic-policies\/http-policies\/\">HTTP<\/a>, and <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/traffic-policies\/network-policies\/\">Network<\/a> firewall policies based on OIDC claim values.<\/li>\n<li>Apply custom <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/traffic-policies\/resolver-policies\/\">resolver policies<\/a> to route DNS queries to specific resolvers depending on a user&#8217;s OIDC claims.<\/li>\n<li>Control <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/traffic-policies\/egress-policies\/\">egress policies<\/a> to assign dedicated egress IPs based on OIDC claim attributes.<\/li>\n<\/ul>\n<p>For example, you can create a policy that routes traffic differently for users with <code>department=engineering<\/code> in their OIDC claims, or restrict access to certain destinations based on a user&#8217;s role claim.<\/p>\n<p>To get started, configure <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/integrations\/identity-providers\/generic-oidc\/#custom-oidc-claims\">custom OIDC claims<\/a> on your identity provider and use the <strong>OIDC Claims<\/strong> selector in the Gateway policy builder.<\/p>\n<p>For more information, refer to <a href=\"https:\/\/developers.cloudflare.com\/cloudflare-one\/traffic-policies\/identity-selectors\/\">Identity-based policies<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Cloudflare Gateway now supports OIDC Claims as a selector in Firewall, Resolver, and Egress policies. Administrators can use custom OIDC claims from their identity provider to build fine-grained, identity-based traffic policies across all Gateway policy types. With this update, you can: Filter traffic in DNS, HTTP, and Network firewall policies based on OIDC claim values. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-313","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/comments?post=313"}],"version-history":[{"count":0,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/posts\/313\/revisions"}],"wp:attachment":[{"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/media?parent=313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/categories?post=313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.securinsight.ca\/index.php\/wp-json\/wp\/v2\/tags?post=313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}