← Back
Cloudflare
Cloudflare partners with Nametag to add identity verification to Cloudflare One
Cloudflare · featureintegrationsecurityapi · blog.cloudflare.com ↗

Addressing the Remote IT Worker Threat

The security landscape is facing a new threat vector: organized "remote IT worker" fraud operations, often linked to nation-states like North Korea, that use laptop farms to infiltrate companies with stolen identities. These attackers exploit an identity assurance gap in modern zero trust implementations—traditional onboarding verifies devices and credentials, but not the actual people behind them. Using generative AI and deepfake tools, bad actors can now pass interviews and fabricate government IDs with alarming sophistication.

Cloudflare's Partnership with Nametag

To close this gap, Cloudflare is integrating Nametag, a workforce identity verification pioneer, into Cloudflare One. This partnership adds identity-verified onboarding and continuous identity assurance capabilities to Cloudflare's SASE platform, addressing the timing gap between hiring and when malicious actors gain system access.

How the Integration Works

The Nametag integration uses OpenID Connect (OIDC) and can be configured as an identity provider in Cloudflare Access or chained alongside your existing IdP (Okta, Microsoft Entra ID, etc.). The verification process takes under 30 seconds:

  1. User attempts to access the onboarding portal protected by Cloudflare Access
  2. Cloudflare redirects to Nametag for authentication
  3. User captures a selfie and scans their government-issued photo ID
  4. Nametag's Deepfake Defense™ engine uses cryptography, biometrics, and AI to verify the person is real and matches their ID
  5. Upon verification, Nametag returns an ID token to complete the OIDC flow

The system prevents sophisticated attacks including deepfake IDs, presentation attacks (printed photos), and injection attacks. No biometric data is stored after verification.

Complementary Security Features

This partnership enhances Cloudflare's existing insider threat toolkit, which already includes API-driven data loss prevention (DLP), remote browser isolation (RBI), and shadow IT detection. Organizations can now combine identity verification at onboarding with ongoing behavioral monitoring and data protection to create a comprehensive defense against both external and insider threats.