I’m wondering if it’s possible for a device using WARP (signed in with zero trust teams) can access sites behind authentication without having to also sign in with SSO. I got the impression that this was possible from documentation and product feature overviews but I can’t find much about implementing it. It sounds like from the solution from a similar post (/t/is-there-a-way-to-use-warp-client-to-bypass-sso-auth-for-Cloudflare-access-in-incognito/332002) it is possible, but the solution doesn’t elaborate on how it can be implemented.
My situation is that i have a tunnel to MYHOST with a ‘Public Hostname’ setup pointing MYSITE(dot)DOMAIN(dot)COM to http:// 127.0.0.1:8000. I have a self hosted ‘Application’ set up with the URL MYSITE(dot)DOMAIN(dot)COM. The authentication policy for this allows anyone with @myemaildomain(dot)com using Google Workspace SSO. I see options for using one time pin or Google Workspace but no options for using WARP.
Using a mobile device logged into the Cloudflare access team on WARP I still have to use SSO when accessing the site, despite being logged in with an allowed email. The main problem with this is that some iOS apps do not work with Google SSO (Google refuses to authenticate in the homeassistant app as it’s not a trusted browser). It seems that I need to set up some gateway rules to bypass SSO but I’m not sure where to start with this.
A related question I have, if it is possible to bypass SSO using WARP, is it possible to have WARP authenticated with multiple Cloudflare teams at once? I have two teams both of which have services I would like to access on mobile without SSO.