We’re working on setting up Cloudflare for Teams along with Cloudflare Access, and will be using One Time Passwords to authenticate with Access.
Strangely, we’re not receiving the login token emails when attempting to authenticate with any email address of one domain in particular. We’ve added email addresses from that domain to a User Group within Teams as Include rules and have ensured that the group was allowed into both an application and the App Launcher. When attempting to access either that application or the App Launcher, and using emails from this specific domain, no emails are ever received. If I add any other email address from any other domain, it will successfully receive login tokens from Cloudflare Access.
This domain is using Office 365 as an email provider, and Office 365’s email logs show no indication of any Cloudflare Access email being received or even denied, whereas it does show successful email reports if I send an email manually to one of the domains.
Some additional notes: When initially setting up Access, we did accidentally misconfigure a new email address within Office 365 wherein all email sent to it would return as “undeliverable”. That same address was used for the first Cloudflare Access login attempt. Being that the email address has since been fixed and can receive email now, we feel that Cloudflare Access is blocking outgoing emails to this domain specifically due to the first “undeliverable” response. Is that the case?