Cloudflare Gateway now supports OIDC Claims as a selector in Firewall, Resolver, and Egress policies. Administrators can use custom OIDC claims from their identity provider to build fine-grained, identity-based traffic policies across all Gateway policy types.

With this update, you can:

- Filter traffic in DNS, HTTP, and Network firewall policies based on OIDC claim values.
- Apply custom resolver policies to route DNS queries to specific resolvers depending on a user's OIDC claims.
- Control egress policies to assign dedicated egress IPs based on OIDC claim attributes.

For example, you can create a policy that routes traffic differently for users with department=engineering in their OIDC claims, or restrict access to certain destinations based on a user's role claim. To get started, configure custom OIDC claims on your identity provider and use the OIDC Claims selector in the Gateway policy builder. For more information, refer to Identity-based policies.
Fetched April 4, 2026