Trouble bypassing Access login with Gateway

I am not a tech novice by any stretch though I am relatively new to CF ZeroTrust and Tunnel.

I have everything setup and working with multiple identity providers and have had several users test to ensure it’s working so I don’t think it is a basic setup issue.

I want to leave login available but bypass it if using the warp client logged to the team, what I thought would be an easy feat.

I have followed the steps in these posts to no avail Bypass login page when warp client active and
Bypassing Authentication for Gateway Users

Warp is logged in

gateway is detected
image

gateway policy is enabled (and has been setup as Bypass, Allow, and service auth)

the Gateway policy (I have tried using the gateway group as well as an include selector with no difference in functionality)

If I leave the ‘me login’ policy in the application I get the access login page

If I have only the gateway policy I get a forbidden page

I feel like I must be missing something extremely simple.