Cloudflare Zero Trust for Service Token

Hi there, I’m using WARP and Zero Trust to connect to my Zero Trust VPN, I’m using Linux ubuntu as client, This is the pattern of my mdm.xml:

  <string>[client secret]</string>

When I remove the file and try using warp-cli teams-enroll [team_name] everything works fine, however if I try passing the mdm.xml file, this is what I got:

warp-cli register
warp-cli connect
warp-cli account
Error: Missing registration. Try running: warp-cli register

In my dashboard shows as if the service token has never been used.

I already enabled on Device enrollment permissions to allow any non-expired service tokens.

Any Ideas.



I have been stuck on that problem as well and I finally found a solution that worked for me!

Enabling the Device enrolment permissions is not enough to get the registration and it is not precise anywhere. You need to create a specific profile for service auth on top of that in your warp settings. In my case when I register a device with a service token, the device shows up on My team > Devices in Zero Trust. The device is associated with the email address [email protected]. Thus, you need to create a profile in your warp settings for this email as well.

E.g. if your profiles were only referencing and not this [email protected], warp-cli would not generate an account setting file.

Hope that helps even though it was few months ago :slight_smile: