I have 4 email addresses in my Access Policy. The policy sends a one time pin to 3/4 accounts. The account used to be listed in the “My Team” view. However, I removed it and since then, I can’t register the account again and the one time pin is not sending to this account.
Enter a particular email address. Other gmail addresses are not facing this issue.
Was the user removed or revoked? 
Have you got any seats left?
Is your policy set to allow, and you’ve got that gmail email address added within the Include selector Emails Value?
Have you checked your spam folder?
Does that particular Gmail account also have Cloudflare account? If yes, does it receive other emails from Cloudflare such as notifications, promo, etc.?
I was testing policies and could not get them to work, so I “removed” the user. Prior to that, the user was not revoked. I am only using 2/50 seats. I finally got the policy working by using “Allow” and I have 4 email addresses added within the include selector emails value.
I have checked my spam folder and no emails are there.
I leverage Gmail “Plus Addressing” pretty heavily. So my Cloudflare account is actually [email protected] for instance. The “user” that is not receiving the OTP is just my regular Gmail account. I have tested adding [email protected] to the Cloudflare Access Policy and then asking for a OTP and that successfully worked. It just seems as though my email address is in some sort of weird state. Like maybe the user is soft deleted, where I can’t see it, but on the Cloudflare backend it is in a broken state?
I saw in this thread (Not getting the getting the verification email with one time pin for zero trust - #6 by sdayman) that a Cloudflare member had to check to see if the email was on a suppression list. This particular Cloudflare account is a free account, so I don’t have direct access to Cloudflare support via tickets.
In summary - I was testing the access policy and just trying to get it to work. Rather than reading the documentation, I got impatient and figured I could remove the account from my team. It was only after that did not work is when I realized my policy was using the Require rule type incorrectly (Access policies · Cloudflare Zero Trust docs).
I ended up creating a separate Access Application and when I entered my email address for that Application, it went through. Then I saw I was registered/listed on “My Team” and then I was able to begin sending codes to my email address again. It seems I was stuck somewhere, but the new Access Application forced it through. Weird, but it works now!
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.