Access Policy: Geo Country + Emails (2 or more), don't send OTP for authentication

Dear Cloudflare Zero Trust team: I’ve found the following issue, easily replicated:

1.- Deploy Tunnel > Add Public Hostname > OK
2.- Create an Access Policy with the following:
2.1- Include → Geo Country: (name anyone)
2.2- Require → Emails (at least two or more)
Expected result: when entering allowlisted emails, OTP is sent for access
Actual result: no OTP is received whatsoever!
NOTE: if I modify the Require → Emails to only one email, then it works as expected

Hope this helps and you can fix it ASAP.

My use case BTW (if you would like to know):

  • Two main rules to access my application:
    1.- Requests coming from one country only
    2.- Grant access to specific user email address

Thank you!

You can 't log in with 2 or more emails, so the conditions of the rule cannot be met

Many thanks for your answer and i hope I am not misunderstanding your explanation but, every email belongs to one user, meaning that if two emails are specified then two users should be entitle to receive the OTP and hence, access is granted :slight_smile:

Please read the linked section of the documentation and the example immediately following it which describes this exact scenario and why the logical condition you have actually created cannot be met.

Indeed Sir, that did the trick. many thanks for your super fast answer :slight_smile:
Respect man!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.