🔒 Cloudflare Tunnel Authentication Setup

Setup authentication for your site so it can only be accessed by authorised emails.

Device Information

Current Device: Detecting...

📋 Setup Instructions

Initial Setup (First Time Only)

If this is your first time setting up Cloudflare WARP with Zero Trust, follow these detailed steps:

  1. All high-level instructions found here just in case: https://developers.cloudflare.com/cloudflare-one/setup/
  2. First setup a zero trust account and team name by going dash.cloudflare.com and clicking zero trust. Note that zero trust free plan is all you need.
  3. Next, in zero trust (one.dash.cloudflare.com) go settings → authentication and under login methods, click add new and select one-time PIN - if instructions change, use this link https://developers.cloudflare.com/cloudflare-one/identity/one-time-pin/
  4. Next define enrollment permissions. Go to the zero trust again, then settings → warp client. in device enrollment section click the manage button for device enrollment permissions.
  5. Create new policy, then in the add policy page, in basic information section enter a policy name like WARP-login, action Allow and session duration same as application session timeout. In the add rules section, for the 'include' rule choose selector as emails and add the allowed emails to login (trusted emails) in the value field. Note: If you wish for your application to require users to be authenticated via the WARP client, add a 'require' rule to the policy with the 'Warp' selector. Save.
  6. Back on the device enrollment permissions page, press select existing policies and choose the one you just created. Then, in the login methods tab (still in device enrollment permissions page), under login methods, make sure 'Accept all available identity providers' is toggled off, One time PIN is ticked and 'Instant Auth' is toggled on. Click save.
  7. Finally, from the zero trust dashboard visit access → Applications → Add an application. Give it an appropriate application name like 'printguard' and session duration of 1 week. Set the public hostname to the same as your cloudflare tunnel domain then, in the policies section, add your existing WARP-login policy that was created earlier.

Download and Connect WARP Client

If in the initial setup instructions you chose to require the WARP client to access printguard for added security, you will need to follow these steps for each device you wish to enroll. If your policy did not require WARP, you can skip this section.

Step 1: Download WARP Client

First, download and install the Cloudflare WARP client for your device.

Click here to download directly from the Cloudflare website.

Or use the buttons below to download the client for your specific platform (links from Cloudflare):

🪟 Windows 🍎 macOS 🐧 Linux 📱 iOS 🤖 Android

Step 2: Connect to Organization

  1. Open the WARP client application
  2. Navigate to Settings → Account → Login to Cloudflare Zero Trust
  3. Enter your organization's team name: Loading...
  4. Authenticate using your organization's login method

Step 3: Access the Site

Once connected to your organization's WARP network, you should be able to access the PrintGuard site automatically through your Cloudflare domain.

✅ Setup Complete!

If you've followed the setup steps correctly and are connected to your organization's Zero Trust, you should be able to access the PrintGuard application directly through your Cloudflare domain.

Your Cloudflare domain: Loading...

If your setup requires the WARP client, you will need to download and login to the WARP client on each device you wish to visit the site from. Otherwise, you can access the site directly through your Cloudflare domain and by logging in with one of your allowed email addresses.

📱 Share Link

Scan the QR code or share the link to open this page on your other devices.

Loading...