I ran into a similar issue.
There are two sections here:
The gateway portion:
You will need to go to the policy page under the Gateway section of the site. Create a policy if you haven’t already. Then go to the location page under the gateway section, create a location if you haven’t already and link it to the policy. After that in the setup instructions for the location you will see a DOH url. Take the subdomain portion of that url and in the warp app, go to preferences->Connection. In the DOH subdomain field, paste that there and click save. That then forces the device to use the cloudflare gateway dns which the policy then applies.
WARP Device Enrollment:
The organization name is the subdomain piece from your cloudflareaccess.com url. Under the Access section of the site under Authentication page take the subdomain section of your Auth domain url and use that.
But before you do that, make sure you have a device enrollment policy setup under the Devices page in the My Teams section. Otherwise you will get an http error page when you try to enroll the device.
Hope this helps. I had to dig a bit to figure out all this.