Forcing user authentication to Warp client

We’re looking to use Gateway to secure remote workers. As part of this, we are planning to deploy the Warp client to remote devices via our MDM solution. So far, I’ve managed to get it to install and be tied to our Teams tenant through the documented parameters.

The one piece that’s missing is forcing users to authenticate, or somehow authenticating them behind the scenes, so that the “auto_connect” parameter can take effect and force traffic through Gateway. Without this, it seems that if a user does not decide to login (which could be because they know it’ll bring about filtering or because they didn’t notice the client running), the “auto_connect” parameter never kicks in and the device is unprotected.

I’ve looked at the App-Settings.json file in %LocalAppData%\Cloudflare\ but couldn’t find anything useful there.

I should also mention that I tried the Access Token enrollment approach but that resulted in Gateway policies not applying (I figured maybe it only works for Access).

Any ideas? Has anyone else approached it differently?

1 Like

That’s a very good question. Realistically speaking, there should be something that would make me, as a user, spend time to sign into Warp. Since you can have the presence of WARP included in your device posture check for app access, you need to make an app people use daily available only via Warp.

Has there been any update on this? We are looking to implement the same.

We would like to implement this as well, any updates?