Cloudflare Zero Trust for Service Token

Hi there, I'm using WARP and Zero Trust to connect to my Zero Trust VPN. I'm using Ubuntu Linux as the client. This is the pattern of my mdm.xml:

<dict>
  <key>organization</key>
  <string>[team_name]</string>
  <key>auth_client_id</key>
  <string>[client_id_access]</string>
  <key>auth_client_secret</key>
  <string>[client secret]</string>
</dict>

When I remove the file and try using warp-cli teams-enroll [team_name], everything works fine. However, if I try passing the mdm.xml file, this is what I get:

warp-cli register
Success
warp-cli connect
Success
warp-cli account
Error: Missing registration. Try running: warp-cli register
curl https://www.cloudflare.com/cdn-cgi/trace/
...
warp=off
...

My dashboard shows the service token as if it has never been used.

I already enabled the option under Device enrollment permissions to allow any non-expired service token.

Any ideas?


Hi,

I have been stuck on that problem as well and I finally found a solution that worked for me!

Enabling the Device enrolment permissions is not enough to get the registration, and this is not stated anywhere. You need to create a specific profile for service auth on top of that in your WARP settings. In my case, when I register a device with a service token, the device shows up under My team > Devices in Zero Trust. The device is associated with the email address [email protected]. Thus, you need to create a profile in your WARP settings for this email as well.

E.g. if your profiles were only referencing @yourcompany.com and not this [email protected], warp-cli would not generate an account setting file.

Hope that helps, even though it was a few months ago 🙂
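
Added example (not part of either post, and not Cloudflare's code): a local pre-flight check of an mdm.xml shaped like the one in the question, useful for ruling out the file itself before looking at the dashboard-side profile described in the reply. The function names, the sample values and the "not accessible to other users" rule are assumptions of this example.

```python
import stat
import xml.etree.ElementTree as ET

# Keys used by the mdm.xml in this thread for service-token enrollment.
REQUIRED = ("organization", "auth_client_id", "auth_client_secret")

def parse_mdm_dict(xml_text):
    """Read the plist-style <dict> (alternating <key>, value) into a Python dict."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "dict" else root.find(".//dict")
    if node is None:
        raise ValueError("no <dict> element")
    items = list(node)
    if len(items) % 2:
        raise ValueError("<dict> children are not key/value pairs")
    cfg = {}
    for key, val in zip(items[0::2], items[1::2]):
        if key.tag != "key":
            raise ValueError(f"expected <key>, found <{key.tag}>")
        # <true/> and <false/> carry the value in the tag, <string> in the text.
        cfg[(key.text or "").strip()] = (
            val.tag if val.tag in ("true", "false") else (val.text or "").strip())
    return cfg

def check_mdm(xml_text, mode=None):
    """Return a list of problems; an empty list means nothing was flagged."""
    try:
        cfg = parse_mdm_dict(xml_text)
    except (ET.ParseError, ValueError) as exc:
        return [f"unparseable: {exc}"]
    problems = []
    for name in REQUIRED:
        value = cfg.get(name)
        if value is None:
            problems.append(f"missing key: {name}")
        elif not value or (value[0] == "[" and value[-1] == "]"):
            problems.append(f"unfilled value: {name}")
    # Assumption of this example: a file holding the client secret should not
    # be accessible to "other" users.
    if mode is not None and mode & stat.S_IRWXO:
        problems.append(f"accessible to other users: {stat.S_IMODE(mode):o}")
    return problems

# Constructed sample (not real credentials).
SAMPLE = """<dict>
  <key>organization</key><string>example-team</string>
  <key>auth_client_id</key><string>0123abcd.access</string>
  <key>auth_client_secret</key><string>constructed-secret</string>
</dict>"""

if __name__ == "__main__":
    print(check_mdm(SAMPLE, mode=0o100644))  # mode as returned by os.stat().st_mode
```

Pass the file's text and the st_mode from os.stat() on the deployed file. An empty result says nothing about whether a device profile matches the service-token identity, which is configured in the dashboard.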