Combination of Gateway and Access

Hi all,

Is it possible to have users access a specific application, and the only requirement is to be using Gateway? What I would like to achieve is:

  • on everybody’s iPhone is the 1.1.1.1 app installed and logged in on Gateway via Teams.
  • Everyone can access the application on his iPhone, but without having to authenticate (via Cloudflare Access)

Optional:

  • If people are not using Gateway (through the 1.1.1.1 app), they need to authenticate via Cloudflare Access

Is this possible? And if so, how? I’ve tried many configurations already of the applcation’s Access rules, but cannot succeed in this setup.

Many thanks!
Cadish

Hi Cadish, Based on your question:

Is it possible to have users access a specific application, and the only requirement is to be using Gateway?

Yes, this is possible if the reference application is behind access - see more information in our developers guide Access Application Launcher

In this scenario:

  • on everybody’s iPhone is the 1.1.1.1 app installed and logged in on Gateway via Teams.
  • Everyone can access the application on his iPhone, but without having to authenticate (via Cloudflare Access)

You can create an access policy to have Action: Allow Rule: Require Criteria: Gateway. You can see more information on Cloudflare Access Policy Structure

As per the optional use-case:

  • If people are not using Gateway (through the 1.1.1.1 app), they need to authenticate via Cloudflare Access

You can edit the above policy by adding a rule: include which acts similar to the OR logical operator and then add another criteria i.e., emails ending in your @company.com.

If this is not working as expected, please open a ticket with Cloudflare Support.

3 Likes

Hi @tobi, thanks a lot for you swift answer!

What do I select as the Include paramater? As I need to add this otherwise I cannot select the Require Criteria:

If I take Everyone as parameter to include, I get this:

Thanks a lot!
Cadish

Please open a ticket with support so that we can check your configuration to understand the options you are seeing on your end.

Ok, thanks a lot @tobi. I opened a ticket for this.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Adding to the discussion here. For this particular use-case where gateway is required as the authentication medium, we do not support this currently but we are working on adding more features that should support this kind of use-case and more in the future. However, no ETA at the moment. Thank you for working with us on this @Cadish

1 Like