Access Policy - Multiple Domains

I’ve run into a situation whereby we’re developing a new frontend for our stack and want that deployed in tandem with the existing frontend. I’m using Cloudflare Access for our dev and stage environments and am authenticating into CF via OIDC.

It would seem that there’s no way to make an access policy work with multiple domains - it’s a single field and I can’t see any documentation that would suggest that you can use regex patterns for the subdomain. So I tried to create another access policy, but it would seem that new access policies are scoped to a different audience.

Our backend uses the audience to validate the jwt that the frontend passes from CF to it. Short of deploying our backend twice, I can’t see any way to work this.

Does anyone have any suggestions?


This post was flagged by the community and is temporarily hidden.

You’ll need to create an access policy per host / domain. An access policy of * is supported, but that’s the extent of the FQDN regex available today.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.