Is it possible to have users access a specific application, and the only requirement is to be using Gateway?
Yes, this is possible if the reference application is behind Access. See more information in our developers guide: Access Application Launcher.
In this scenario:
The 1.1.1.1 app is installed on everybody’s iPhone and logged in to Gateway via Teams.
Everyone can access the application on his iPhone, but without having to authenticate (via Cloudflare Access).
You can create an Access policy with Action: Allow, Rule: Require, Criteria: Gateway. You can see more information on Cloudflare Access Policy Structure.
As per the optional use-case:
If people are not using Gateway (through the 1.1.1.1 app), they need to authenticate via Cloudflare Access
You can edit the above policy by adding a rule, Include, which acts similarly to the OR logical operator, and then add another criterion, i.e., emails ending in your @company.com.
If this is not working as expected, please open a ticket with Cloudflare Support.
Adding to the discussion here. For this particular use-case where Gateway is required as the authentication medium, we do not support this currently, but we are working on adding more features that should support this kind of use-case and more in the future. However, no ETA at the moment. Thank you for working with us on this @Cadish