After I set up a Cloudflare Access Policy with a Google Groups include rule, the One-Time Pin tool fails to send out login codes to emails in that Google group. Is there just no cross-compatibility? If so, seems like a bit of an oversight. I’d like to be able to administer Cloudflare Access from inside GSuite Admin without having to add more rules but there’s no way to give out-of-organization emails access via the G Suite login method, hence my attempt to make OTP work.
OTP is a different authentication mechanism from GSuite. You could use a different IDP such as Okta which can aggregate multiple IDPs and you could configure and manage just that within Cloudflare.