Cloudflare Access for a SaaS failing

This post is about the product “Cloudflare Access”.
I want to demo the claimed protections Cloudflare Access can provide to our SaaS apps.
I am trying to demo this using SimpleMDM; it’s one of the few services I have that do not up-charge for SAML integration. I have spent hours on this with zero success. I used to integrate all manner of apps into Okta, so I thought I had a handle on SAML integrations.
Maybe I’m misunderstanding what “Cloudflare Access” will actually do. From all the reading I’ve done, if I set up a SaaS app under Access > Applications in Zero Trust, then no one should be able to access our SimpleMDM SaaS instance without having their Warp client on, and of course be approved for that app.
I’ve set it up, double-checked our DNS points to Cloudflare.
I’ve set up the integration with Google Workspaces as our IdP and tested it, worked immediately.
I’ve set up the groups and policies allowing all emails using @“ourdomain”.
I’ve set up SimpleMDM with the cert and other info from the Application setup page.
I’ve set up SimpleMDM in the Cloudflare Application page.
No matter what I do, I can navigate to and log in to SimpleMDM. Cloudflare is not throwing up the blocked page.
This is incredibly frustrating, something so simple taking so much time.