Help setting up Cloudflare Access

Hello everyone,
I’ve been trying to set up Cloudflare Access for my team.
I’ve tried the OTP login method but neither I nor my team members are receiving the code via email.
I’ve set up GitHub authentication too and tested it (it seems to receive the email address from GitHub).

For the policies, I’ve allowed all emails ending in my domain and a personal Gmail email to test.

When I try to log in to the app launch page, I still can’t log in, even though the email used in GitHub is allowed in the zero-trust policies. I get the message: “That account does not have access.”

Can someone tell me where I am wrong please?

Can you share a screenshot of the policy (blur out any details you don’t want shared)? Unfortunately, it’s very hard without seeing things.

Here it is

Alright, so:

  1. I was alerted that the MX records for your domain point to Ionos Mail, which seems to have issues receiving email messages (they arrive very late, up to hours, or don’t arrive at all).
  2. Having that “require” rule makes the Gmail address unusable as it will never have that domain.

Solutions:

  1. Try and figure out why e-mails don’t arrive at Ionos (might be worth a ticket, but it can get complicated and might not work as the issue is most likely on Ionos’s part) or use a different SSO provider, like GitHub.
  2. Split the rules correctly into three different ones. One requiring the Gmail address, one for the custom domain and one for IP (set to bypass, as it requires that to work), even in the same rule, but ideally split to better split the management.
    https://developers.cloudflare.com/cloudflare-one/policies/zero-trust#rules
3 Likes
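
The Include/Require behavior described in the answer above, modeled in Python as an added example (not from the thread and not Cloudflare's code). The policy contents are assumptions, since the screenshot is not reproduced here; `example.com`, `tester@gmail.com` and the IP ranges are constructed values, and first-match policy ordering is a simplification.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Selector constructors: each returns a predicate over an identity dict.
def email_is(addr):
    return lambda u: u.get("email", "").lower() == addr.lower()

def email_ends_with(domain):
    # The "@" prefix keeps bob@notexample.com from matching example.com.
    return lambda u: u.get("email", "").lower().endswith("@" + domain.lower())

def ip_in(cidr):
    return lambda u: "ip" in u and ip_address(u["ip"]) in ip_network(cidr)

@dataclass
class Policy:
    name: str
    action: str                                   # "allow" or "bypass"
    include: list                                 # OR: at least one must match
    require: list = field(default_factory=list)   # AND: every rule must match
    exclude: list = field(default_factory=list)   # NOT: no rule may match

    def matches(self, user):
        return (any(r(user) for r in self.include)
                and all(r(user) for r in self.require)
                and not any(r(user) for r in self.exclude))

def decide(policies, user):
    """Return (action, policy name) for the first matching policy, else deny."""
    for p in policies:
        if p.matches(user):
            return p.action, p.name
    return "deny", None

# Assumed shape of the problem policy: Gmail is included, but Require demands the domain.
COMBINED = [Policy("team", "allow",
                   include=[email_ends_with("example.com"), email_is("tester@gmail.com")],
                   require=[email_ends_with("example.com")])]

# The suggested split: one policy per purpose, no cross-cutting Require.
SPLIT = [Policy("office-ip", "bypass", include=[ip_in("203.0.113.0/24")]),
         Policy("company-domain", "allow", include=[email_ends_with("example.com")]),
         Policy("gmail-tester", "allow", include=[email_is("tester@gmail.com")])]

gmail = {"email": "tester@gmail.com", "ip": "198.51.100.7"}    # constructed
staff = {"email": "alice@example.com", "ip": "198.51.100.7"}   # constructed
office = {"ip": "203.0.113.20"}                                # constructed, no login

if __name__ == "__main__":
    for label, pols in (("combined", COMBINED), ("split", SPLIT)):
        for user in (gmail, staff, office):
            print(label, user, "->", decide(pols, user))
```
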