Application Library
The Application Library allows users to manage their SaaS applications in Cloudflare Zero Trust by consolidating views across all relevant products: Gateway, Access, and Cloud Access Security Broker (CASB). The App Library provides visibility and control for available applications, as well as the ability to view categorized hostnames and manage configuration for Access for SaaS and Gateway policies. For example, you can use the App Library to review how Gateway uses specific hostnames to match against application traffic.
To access the App Library in Zero Trust ↗, go to My team > App Library. Each application card will list the number of hostnames associated with the application, the supported Zero Trust product usage, and the app type.
The App Library groups Do Not Inspect applications within the corresponding application. For example, the App Library will group Google Drive (Do Not Inspect) under Google Drive. Traffic that does not match a known application will not be included in the App Library.
Select an application card to view details about the application.
The Overview tab shows details about an application, including:
- Name
- Shadow IT review status
- Number of hostnames
- App type
- Supported Zero Trust applications
- Application ID for use with the API and Terraform
The Findings tab shows any connected CASB integrations for the selected application, as well as instances of any detected posture findings and content findings for each integration.
The Policies tab shows any Gateway and Access for SaaS policies related to the selected application.
The Usage tab shows any logs for Gateway traffic requests, Access authentication events, Shadow IT Discovery user sessions, and generative AI prompt logs sent to the selected application. This section requires logs to be turned on for each feature.
The Shadow IT Discovery dashboard will provide more details for discovered applications. To access Shadow IT Discovery in Zero Trust ↗, go to Analytics, then select Shadow IT Discovery.
The App Library synchronizes application review statuses with approval statuses from the Shadow IT Discovery SaaS analytics dashboard.
To organize applications into their approval status for your organization, you can mark them as Unreviewed (default), In review, Approved, and Unapproved.
| Status | API value | Description |
|---|---|---|
| Approved | approved | Applications that have been marked as sanctioned by your organization. |
| Unapproved | unapproved | Applications that have been marked as unsanctioned by your organization. |
| In review | in review | Applications in the process of being reviewed by your organization. |
| Unreviewed | unreviewed | Unknown applications that are neither sanctioned nor being reviewed by your organization at this time. |
To set the status of an application:
- In Zero Trust ↗, go to My team > App Library.
- Locate the card for the application.
- In the three-dot menu, select the option to mark your desired status.
Once you mark the status of an application, its badge will change. You can filter applications by their status to review each application in the list for your organization. The review status for an application in the App Library and Shadow IT Discovery will update within one hour.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark