How do you force a user to use WARP to access a self-hosted app?

Trying to work out how to implement Zero Trust and if Cloudflare version is for us.

I have a self-hosted app set up and protected requiring a google login. So far so good.

Ideally i’d like employees accessing the self-hosted app to be required to have their traffic pushed through WARP and then have additional security options enabled.

How do you force the user to have WARP activated in order to access the self-hosted app? I can’t see any reference to WARP in the app access policy options. Should i be activating this from somewhere else?

This wasn’t immediately apparent to me so I include this here for the benefit of those that may come after…

Refer to:
https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/require-warp/

Go to Settings > Warp Client and ■■■ a WARP client check for simply WARP:

This will then give you the option to select simply WARP as a REQUIRED option on your Application Policy.

Hope that helps someone.