Protecting Wordpress Login with Cloudflare Access

I’m trying to protect my wordpress login with Cloudflare Access.

The configuration is:
Running a tunnel pointing to origin IP address. (coz is already onboarded on Cloudflare so pointing to domain gives “prohibited IP” error).

Zone lockdown:

DNA CNAME pointing to tunnel id.

Everything is working fine until this point.

After logged in, it routed back to instead of staying on