From 591bb828eb459c744ae96f53b0b6a35ea768ec14 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 13 Feb 2025 20:26:16 -0500 Subject: [PATCH 1/4] Import ZT org into Terraform --- .../zero-trust/create-zero-trust-org.mdx | 48 ++++++++++++++++++- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx index 79d61f47a7622e9..c338dce6297b3cd 100644 --- a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx +++ b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx 
@@ -3,8 +3,52 @@ --- -import { Render } from "~/components" +import { Render, Tabs, TabItem} from "~/components" -To set up a Zero Trust organization: +To start using Zero Trust features, create a Zero Trust organization in your Cloudflare account. + +## Sign up for Zero Trust + +To create a Zero Trust organization: + +## (Optional) Manage Zero Trust in Terraform + +You can use the [Cloudflare Terraform provider](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0) to manage your Zero Trust organization alongside your other IT infrastructure. To get started with Terraform, refer to our [Terraform tutorial series](/terraform/tutorial/). + +Zero Trust organizations cannot be created through Terraform. You must [sign up for Zero Trust](#sign-up-for-zero-trust) on the Cloudflare dashboard and then import the resource into your [Terraform configuration](/terraform/). + +To import your Zero Trust organization: + + + +1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): + - `Access: Organizations, Identity Providers, and Groups Write` + +2. Add the [`cloudflare_zero_trust_access_organization`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/zero_trust_access_organization) resource: + + ```terraform + resource "cloudflare_zero_trust_access_organization" "" { + account_id = var.cloudflare_account_id + name = "" + auth_domain = ".cloudflareaccess.com" + } + ``` + Replace ` **Custom Pages**. + +3. In a terminal, run: + + ```sh + terraform import cloudflare_zero_trust_access_organization. ` + ``` + + + + + +You can now update the Zero Trust organization using Terraform. + +:::tip +If you plan to manage all Zero Trust settings in Terraform, set the dashboard to [API/Terraform read-only mode](/cloudflare-one/api-terraform/#set-dashboard-to-read-only). +::: \ No newline at end of file 
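Review bot: the `terraform import` command in step 3 has a stray backtick at the end of the line inside the ```sh fence, so it will render as part of the command and fail when copied; drop it, and state what value the import expects as its ID, since the step gives the reader no guidance on it. The same hunk ends with "You can now update the Zero Trust organization using Terraform", but the resource block only declares `name` and `auth_domain` while the organization was created and configured in the dashboard, so add a step after the import to run `terraform plan` and confirm the plan is empty before any apply; an unexpected in-place update here would overwrite dashboard settings on an identity-critical resource. Minor: the new `:::tip` is written without a trailing newline, which git reports as "No newline at end of file".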
From 133f744992073096eb27ae18128c2da76d2e1a0a Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 14 Feb 2025 13:43:16 -0500 Subject: [PATCH 2/4] add min version --- .../learning-paths/zero-trust/create-zero-trust-org.mdx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx index c338dce6297b3cd..4442fe50d7a8ee2 100644 --- a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx +++ b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx @@ -15,7 +15,7 @@ To create a Zero Trust organization: ## (Optional) Manage Zero Trust in Terraform -You can use the [Cloudflare Terraform provider](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0) to manage your Zero Trust organization alongside your other IT infrastructure. To get started with Terraform, refer to our [Terraform tutorial series](/terraform/tutorial/). +You can use the [Cloudflare Terraform provider](https://registry.terraform.io/providers/cloudflare/cloudflare/latest) to manage your Zero Trust organization alongside your other IT infrastructure. To get started with Terraform, refer to our [Terraform tutorial series](/terraform/tutorial/). Zero Trust organizations cannot be created through Terraform. You must [sign up for Zero Trust](#sign-up-for-zero-trust) on the Cloudflare dashboard and then import the resource into your [Terraform configuration](/terraform/). @@ -23,6 +23,10 @@ To import your Zero Trust organization: +:::note[Provider versions] +The following example requires Cloudflare provider version `>=4.40.0`. +::: + 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): - `Access: Organizations, Identity Providers, and Groups Write` 
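Review bot: the provider link in the intro paragraph moves from `4.40.0` to `latest`, but the `cloudflare_api_token` link in step 1 is still pinned to `4.40.0`; pick one convention for the page. Since the new `:::note[Provider versions]` aside states `>=4.40.0` as a hard requirement, it would help to also show that constraint where the reader actually enforces it, i.e. a `version = ">= 4.40.0"` entry under `required_providers` in the Terraform configuration, rather than only as prose, so the resource name `cloudflare_zero_trust_access_organization` is guaranteed to resolve at `terraform init`.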
From 0de2c66bff339bba1dad1aed17721169662255a3 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 14 Feb 2025 13:49:45 -0500 Subject: [PATCH 3/4] specify TF version --- .../cloudflare-one/access/add-infrastructure-app.mdx | 8 ++++++-- src/content/partials/cloudflare-one/access/add-target.mdx | 8 ++++++-- .../cloudflare-one/access/create-service-token.mdx | 6 +++++- .../cloudflare-one/warp/device-enrollment-mtls.mdx | 6 +++++- .../partials/cloudflare-one/warp/device-enrollment.mdx | 6 +++++- .../cloudflare-one/warp/service-token-enrollment.mdx | 6 +++++- 6 files changed, 32 insertions(+), 8 deletions(-) diff --git a/src/content/partials/cloudflare-one/access/add-infrastructure-app.mdx b/src/content/partials/cloudflare-one/access/add-infrastructure-app.mdx index b92bf8e2e22d3d6..d4e27015f9ea07e 100644 --- a/src/content/partials/cloudflare-one/access/add-infrastructure-app.mdx +++ b/src/content/partials/cloudflare-one/access/add-infrastructure-app.mdx @@ -83,9 +83,13 @@ import { Tabs, TabItem, Render } from "~/components" ``` - + -1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): +:::note[Provider versions] +The following example requires Cloudflare provider version `>=4.45.0`. +::: + +1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/api_token): - `Access: Apps and Policies Write` 2. Use the [`cloudflare_zero_trust_access_application`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/zero_trust_access_application) resource to create an infrastructure application: diff --git a/src/content/partials/cloudflare-one/access/add-target.mdx b/src/content/partials/cloudflare-one/access/add-target.mdx index e3b7d5666c43b46..ef396379b2476d9 100644 --- a/src/content/partials/cloudflare-one/access/add-target.mdx 
+++ b/src/content/partials/cloudflare-one/access/add-target.mdx @@ -55,9 +55,13 @@ If the target IP does not appear in the dropdown, go to **Networks** > **Routes* ``` - + -1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): +:::note[Provider versions] +The following example requires Cloudflare provider version `>=4.45.0`. +::: + +1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/api_token): - `Teams Write` 2. Configure the [`cloudflare_zero_trust_infrastructure_access_target`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.45.0/docs/resources/zero_trust_infrastructure_access_target) resource: diff --git a/src/content/partials/cloudflare-one/access/create-service-token.mdx b/src/content/partials/cloudflare-one/access/create-service-token.mdx index f087f0903abcf2f..29c93b8d030b6e9 100644 --- a/src/content/partials/cloudflare-one/access/create-service-token.mdx +++ b/src/content/partials/cloudflare-one/access/create-service-token.mdx @@ -23,7 +23,11 @@ import { Tabs, TabItem, Details } from '~/components'; This is the only time Cloudflare Access will display the Client Secret. If you lose the Client Secret, you must generate a new service token. ::: - + + +:::note[Provider versions] +The following example requires Cloudflare provider version `>=4.40.0`. +::: 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): - `Access: Service Tokens Write` diff --git a/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx b/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx index 99ffab18f359b6f..f36eeeb30727992 100644 --- a/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx 
+++ b/src/content/partials/cloudflare-one/warp/device-enrollment-mtls.mdx @@ -21,7 +21,11 @@ To check for an mTLS certificate: 4. On your device, add the client certificate to the [system keychain](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#test-in-the-browser). - + + +:::note[Provider versions] +The following example requires Cloudflare provider version `>=4.40.0`. +::: 1. Add the following permissions to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): - `Access: Mutual TLS Certificates Write` diff --git a/src/content/partials/cloudflare-one/warp/device-enrollment.mdx b/src/content/partials/cloudflare-one/warp/device-enrollment.mdx index 31168e5300ee792..4e92d44be187336 100644 --- a/src/content/partials/cloudflare-one/warp/device-enrollment.mdx +++ b/src/content/partials/cloudflare-one/warp/device-enrollment.mdx @@ -22,7 +22,11 @@ Device posture checks are not supported in device enrollment policies. WARP can 4. In the **Authentication** tab, select the [identity providers](/cloudflare-one/identity/idp-integration/) users can authenticate with. If you have not integrated an identity provider, you can use the [one-time PIN](/cloudflare-one/identity/one-time-pin/). 5. Select **Save**. - + + +:::note[Provider versions] +The following example requires Cloudflare provider version `>=4.40.0`. +::: 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): - `Access: Apps and Policies Write` diff --git a/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx b/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx index a2f90732528e3b4..ddf81e385cba90a 100644 --- a/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx +++ b/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx 
@@ -21,7 +21,11 @@ import { Tabs, TabItem } from '~/components'; * `auth_client_id`: The **Client ID** of your service token. * `auth_client_secret`: The **Client Secret** of your service token. - + + +:::note[Provider versions] +The following example requires Cloudflare provider version `>=4.40.0`. +::: 1. Add the following permission to your [`cloudflare_api_token`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.40.0/docs/resources/api_token): - `Access: Apps and Policies Write` From 3eb759c023777eacd063a61d8a9f5c5ea99bf7ad Mon Sep 17 00:00:00 2001 From: ranbel <101146722+ranbel@users.noreply.github.com> Date: Thu, 20 Feb 2025 15:56:55 -0500 Subject: [PATCH 4/4] Update create-zero-trust-org.mdx --- .../learning-paths/zero-trust/create-zero-trust-org.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx index 4442fe50d7a8ee2..c0572a770dc3685 100644 --- a/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx +++ b/src/content/partials/learning-paths/zero-trust/create-zero-trust-org.mdx @@ -35,7 +35,7 @@ The following example requires Cloudflare provider version `>=4.40.0`. ```terraform resource "cloudflare_zero_trust_access_organization" "" { account_id = var.cloudflare_account_id - name = "" + name = "Acme Corporation" auth_domain = ".cloudflareaccess.com" } ``` @@ -55,4 +55,4 @@ You can now update the Zero Trust organization using Terraform. :::tip If you plan to manage all Zero Trust settings in Terraform, set the dashboard to [API/Terraform read-only mode](/cloudflare-one/api-terraform/#set-dashboard-to-read-only). -::: \ No newline at end of file +:::
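Review bot: in patch 3 the `:::note[Provider versions]` aside is inserted inconsistently across the six partials. In `add-infrastructure-app.mdx` and `add-target.mdx` the closing `:::` is followed by a blank line before `1. Add the following permission`, but in `create-service-token.mdx`, `device-enrollment-mtls.mdx`, `device-enrollment.mdx` and `service-token-enrollment.mdx` the closing `:::` is immediately followed by the existing `1. Add the following permission` context line. Add the blank line in those four files so the numbered list is reliably parsed as its own block and the partials render the same way. The version bumps in the `cloudflare_api_token` links (to `4.45.0` where the note says `>=4.45.0`, unchanged at `4.40.0` where it says `>=4.40.0`) are consistent with the notes.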
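Review bot: in patch 4, replacing the `name` placeholder with the literal `"Acme Corporation"` is misleading for an import flow: this resource is imported, not created, so `name` in the configuration must match the organization's existing name or the first `terraform plan` after the import will show an in-place update that renames the organization. Either keep a placeholder for `name` alongside the `auth_domain` placeholder, or extend the "Replace ..." sentence that follows the block to say that both values must match what is already configured in the dashboard. The added newline at end of file for the `:::tip` block is good.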