Forcing user authentication to Warp client

We’re looking to use Gateway to secure remote workers. As part of this, we are planning to deploy the Warp client to remote devices via our MDM solution. So far, I’ve managed to get it to install and be tied to our Teams tenant through the documented parameters.

The one piece that’s missing is forcing users to authenticate, or somehow authenticating them behind the scenes, so that the “auto_connect” parameter can take effect and force traffic through Gateway. Without this, it seems that if a user does not decide to login (which could be because they know it’ll bring about filtering or because they didn’t notice the client running), the “auto_connect” parameter never kicks in and the device is unprotected.

I’ve looked at the App-Settings.json file in %LocalAppData%\Cloudflare\ but couldn’t find anything useful there.

I should also mention that I tried the Access Token enrollment approach but that resulted in Gateway policies not applying (I figured maybe it only works for Access).

Any ideas? Has anyone else approached it differently?