CloudFlare Access and GSuite integration - does this work with Google Groups?

I am using Cloudflare Access to protect a web-server.

It’s linked to our Google G Suite domain, and I’ve setup access policies to allow certain users access to various URLs.

It works when I explcitly add a user to an access policy.

However, if I add a user to a Google Group, then add the email for that Google Group to a Cloudflare access policy - it does not work. I wanted to verify - should it be expected to work?

This should be possible with “include” -> “google groups” policy. Is it not working?

image

Aha - whoops - I’d accidentally added a “Google” identity provider, not a “G Suite” identity provider. I added a “G Suite” one, and I do see a “Google Group” option now. There doesn’t seem to be too much documentation about this feature.

However, I’m not hitting a separate issue (invalid memory) when running Cloudflared: