It sounds like you’ve essentially made your private network routable within Cloudflare for your organisation. If you’re able to reach the web app by it’s private IP address through WARP then I think you’re pretty much finished the setup. The only step you’re missing is to create a DNS override under Gateway → Policies for the domain name you’d like users to reach your application with.
I’ll preface this with a note that I’ve yet to test this exact setup myself. But I think you’d just need to create a new DNS policy and build an expression that’ll match on the selector Host for whatever hostname you’d like to override. For example, if your domain name was example.com and you wanted users to be able to reach the web app on https://webapp.example.com when logged into and connected to WARP, you would create a Host override for webapp.example.com, select the Override action and enter in the private IP address of your web app’s server. It’s worth noting that if the web app is listening on a non-standard port, your users will still need to provide the port at the end of the URL (https://webapp.example.com:8443).
This will override the DNS lookup for any user logged into your teams account through WARP or if DNS requests are being forwarded to a Gateway location. I think at this point users logged into WARP will be able to reach your web app through the hostname you specified in your DNS policy.