Purpose
This guide explains how to generate the required API Token and permissions in Cloudflare Zero Trust, and how to use those credentials in Logsign USO to ingest Access Logs from the Cloudflare Zero Trust API for security analytics and forensic investigations.
1. Log in to Cloudflare Dashboard
Visit: https://dash.cloudflare.com
Log in with your Global Administrator or Zero Trust account owner credentials.
Ensure that your Cloudflare plan includes Zero Trust features.).
2. Create a Custom API Token
In the Cloudflare dashboard, click your profile icon in the top-right corner and select “My Profile”.
Navigate to the “API Tokens” tab.
Click “Create Custom Token”.
Enter a meaningful name for the token, for example:
Token Name: ZeroTrustAPI-forLogsign
Configure Token Permissions
Add the following permissions exactly as listed below:
Account → Access: Audit Logs → Read
Account → Zero Trust → Read
Account → Access: Organizations, Identity Providers, and Groups → Read
These permissions allow Logsign to collect audit trail and Zero Trust event data safely, without edit or administrative privileges.
Save and Record the Following Details
After creating the token, copy and store the following information securely:
API Token: The generated Bearer token (visible only once).
Account ID: Found in the Cloudflare dashboard URL, for example
https://dash.cloudflare.com/xxxxxxxxxxxxxx/
Cloudflare only shows the token value once, so make sure to save it securely in a vault or password manager.
Configure Integration in Logsign USO
Log in to your Logsign USO instance.
Go to Data Sources → Add New → API → Cloudflare Zero Trust.
Enter the following fields:
API Token: Paste the token you created.
Account ID: Enter your Cloudflare account identifier.
Source Name: For example, “Cloudflare Zero Trust Logs”.