← Back
Cloudflare
Cloudflare integrates identity verification into Access to block deepfake-based insider threats
Cloudflare · featuresecurityintegrationapi · blog.cloudflare.com ↗

New Identity Verification Integration

Cloudflare is partnering with Nametag, a workforce identity verification specialist, to integrate identity-verified onboarding and continuous identity assurance into Cloudflare One. The partnership addresses a critical security gap: traditional zero trust models verify devices and credentials but fail to verify that the person behind the credentials is legitimate.

The Threat: Laptop Farm Operations

Nation-state actors—particularly from North Korea—are running organized "remote IT worker" fraud operations. These attackers use stolen identities, pass AI-assisted interviews, and employ deepfake tools to fabricate government IDs. Once hired, their laptops are shipped to domestic "mule" addresses (laptop farms) where they're accessed remotely via VPN or remote desktop. Because credentials and devices are valid, standard zero trust policies treat this traffic as safe—allowing attackers to steal intellectual property and funds before detection.

How Identity Verification Works

Nametag integrates with Cloudflare Access via OpenID Connect (OIDC), allowing configuration as a primary IdP or as an external evaluation factor. The workflow is straightforward:

  • Users attempting to access onboarding portals are redirected to Nametag for authentication
  • Users verify their identity by taking a selfie and scanning their government-issued ID via phone
  • Nametag's "Deepfake Defense" engine uses cryptography, biometrics, and AI to confirm the user is real and legitimate—preventing deepfake IDs and presentation attacks
  • Upon successful verification, Nametag returns an ID token to complete the OIDC flow and Cloudflare grants or denies access accordingly

The entire process takes under 30 seconds, and no biometric data is retained after verification.

Layered Defense

This integration complements Cloudflare's existing insider threat protections, including API-driven data loss prevention (DLP), Remote Browser Isolation (RBI), and shadow IT detection capabilities. Organizations can now verify identity at the point of onboarding—stopping malicious actors before they gain access to email, code repositories, or other sensitive resources.