diff --git a/cloudflare/resource_cloudflare_access_group.go b/cloudflare/resource_cloudflare_access_group.go
index 6d6e08e0eb..b383dad481 100644
--- a/cloudflare/resource_cloudflare_access_group.go
+++ b/cloudflare/resource_cloudflare_access_group.go
@@ -103,6 +103,10 @@ var AccessGroupOptionSchemaElement = &schema.Resource{
 			Type:     schema.TypeString,
 			Optional: true,
 		},
+		"auth_method": {
+			Type:     schema.TypeString,
+			Optional: true,
+		},
 		"gsuite": {
 			Type:     schema.TypeList,
 			Optional: true,
@@ -342,6 +346,12 @@ func BuildAccessGroupCondition(options map[string]interface{}) []interface{} {
 					CommonName string `json:"common_name"`
 				}{CommonName: values.(string)}})
 			}
+		} else if accessGroupType == "auth_method" {
+			if values != "" {
+				group = append(group, cloudflare.AccessGroupAuthMethod{AuthMethod: struct {
+					AuthMethod string `json:"auth_method"`
+				}{AuthMethod: values.(string)}})
+			}
 		} else if accessGroupType == "gsuite" {
 			for _, v := range values.([]interface{}) {
 				gsuiteCfg := v.(map[string]interface{})
diff --git a/website/docs/r/access_group.html.markdown b/website/docs/r/access_group.html.markdown
index a8d42ad50c..41b12914fc 100644
--- a/website/docs/r/access_group.html.markdown
+++ b/website/docs/r/access_group.html.markdown
@@ -76,6 +76,9 @@ conditions which can be applied. The conditions are:
   requests. Example: `everyone = true`
 * `certificate` - (Optional) Whether to use mTLS certificate authentication.
 * `common_name` - (Optional) Use a certificate common name to authenticate with.
+* `auth_method` - (Optional) A string identifying the authentication
+  method code. The list of codes are listed here: https://tools.ietf.org/html/rfc8176#section-2.
+  Custom values are also supported.
 * `gsuite` - (Optional) Use GSuite as the authentication mechanism. Example:
 
   ```hcl
diff --git a/website/docs/r/access_policy.html.markdown b/website/docs/r/access_policy.html.markdown
index a6ffb2f497..d9ff08ec8c 100644
--- a/website/docs/r/access_policy.html.markdown
+++ b/website/docs/r/access_policy.html.markdown
@@ -59,9 +59,9 @@ The following arguments are supported:
   Allowed values: `allow`, `deny`, `non_identity`, `bypass`
 * `name` - (Required) Friendly name of the Access Application.
 * `precedence` - (Optional) The unique precedence for policies on a single application. Integer.
-* `require` - (Optional) A series of access conditions, see [Access Groups](/docs/providers/cloudflare/r/access_group.html#conditions).
-* `exclude` - (Optional) A series of access conditions, see [Access Groups](/docs/providers/cloudflare/r/access_group.html#conditions).
-* `include` - (Required) A series of access conditions, see [Access Groups](/docs/providers/cloudflare/r/access_group.html#conditions).
+* `require` - (Optional) A series of access conditions, see [Access Groups](/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions).
+* `exclude` - (Optional) A series of access conditions, see [Access Groups](/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions).
+* `include` - (Required) A series of access conditions, see [Access Groups](/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions).
 
 
 ## Import