Force user re-authentication to WARP client

Hi,

we are using WARP with AAD SSO. The user is currently required to authenticate via Microsoft account once after installing the WARP and connecting to the team. After this authentication it is possible to connect/disconnect without any further authentications, even after days of inactivity.

Is it possible to configure WARP to force the user to re-authenticate via Microsoft account after some time?

Thank you.

It is possible for specific policies related to the login:

https://developers.cloudflare.com/cloudflare-one/policies/filtering/enforce-sessions/

1 Like

Thank you, but does not work.

Created a network policy with “Action Allow” and with “Enforce WARP client session duration: 6 hours”.

On a first request to a protected service, WARP popup is displayed stating “Success! You have successfully updated your identity! You can now close this page.”.

No Microsoft re-logon required, but that might be a Microsoft issue.

The main problem is that the WARP session is actually not refreshed and the traffic is still being blocked even after the “Success! You have successfully updated your identity!” popup is closed. The WARP popup is displayed again and again, ca. every minute. It seems like the session is actually not refreshed/prolonged or the session expiration check does not work correctly.

Any suggestions what can be the issue? Is there any other configuration which could affect this? Any way how to debug this?

Logging out of WARP Zero Trust & in again did not help.
WARP client should be up to date, version 2022.5.309.0.

Thank you.