Unrecognized/unauthorized random users in my cloudflare team domain

I am assessing Cloudflare teams for my usecase. I created a team on March 21st with team domain named foo.cloudflareaccess.com (using ‘foo’ to hide the real name here). So I signed up on https://foo.cloudflareaccess.com using my email ID and I got an email to login to the application. I also signed up to the same team on the 1.1.1.1 app on my phone. Everything was fine until March 24th - when I logged into my Cloudflare account (which has 2FA setup btw), I saw two random users under My Team >> Users. I do not know who those users are; nor do I recognize their email IDs. I don’t know how they found out about my team domain and how they were able to sign up. I tried revoking their access, the API call said it was successful, but those users are still there!

Questions:

  1. Am I missing something in setting up Cloudflare? My goal is to setup Cloudflare gateway account to block malware as described in this article How I over-engineered my home network for privacy and security | Ben Balter

  2. Am I opening my account to some security issues with the way I setup my Cloudflare Team account?

Side notes: At first when I created a Cloudflare teams account my I used a domain name as foo123 and then changed it to foo later.
I do see foo.cloudflareaccess.com/warp under Application URL column under My Team >> Users >> View (next to my user ID) for the user ID I signed up with.

Who did you allow under this section?

2 Likes

Thanks for your response. My device enrollment policy was “Emails ending in” @gmail.com. I have narrowed it down only to the emails I want - which should help limit access to others.
However, I am still not able to remove those users from My Team >> Users page even after clicking Revoke multiple times (as seen in the image, bottom right corner). So I was wondering if those users are still in my team and how should I go about removing them. Thanks for your help.

Did you refresh the page first?

If the users are still there after page refresh, then you might need to contact Cloudflare Support.

To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.