Is there not a way for the Warp client to be its own identity provider? If a user has already connected to Warp, they’ve been identified. How can I give access to an application to a user who’s already connected to Warp and skip the pin?
I believe you’re looking for Require Gateway:
(You don’t want “Require WARP”, as it allows anyone connected to WARP, even the customer version)
Thank you. Now non-gateway users don’t see the pin prompt. Gateway users do, however. Is it possible to remove the pin prompt, since those users are verified? Is it possible to provide the gateway user to the origin so they can be auto-logged in?
The current trick to do this is to make a policy with the following config:
Action = Service Auth
Include = Gateway
This will seamlessly let a user through if they are on your Gateway connection.
That being said, WARP as an IdP/Authentication method is on our roadmap. Then you will be able to reference direct elements about a user’s identity from the WARP connection itself. Stay tuned for this!