Zero Trust: impossible to enroll, no OTP code recieved by email

Hello,

We have been using Zero Trust since months now as paying customers; We did the trial in entreprise mode with a limit of 65 users. But because of budget issues we needed to switch off self serve because pricing was lower.

We are now at 70 users.
Seems like the “billing” section on Cloudflare shows Zero Trust on self serve, but on the Zero Trust account, it shows “Entreprise” without any possibility to change limits or plan type.

Since then, we had complaints that some of them never recieved OTP email code to access our protected applications. This is preventing a at least 6 freelancers to do their work since they can’t enroll WARP into Zero Trust nor access protected applications since they can’t recieve their OTP code by email.

Since yesterday, seems like even enrolling in the Zero Trust company team is no longer possible, because in order to enroll WARP into Zero Trust, they need an OTP code sent by email they never retrieved.

What I tried with someone over screen sharing:

Note that this user has already access at some point in the protected application some weeks/months ago.

  • check than [email protected] is part of a group access policy that grant him access to at least 1 protected application.
  • have [email protected] click on “authenticate zero trust session” in the WARP client
  • have john.doe fill the team name required (our company name)
  • have him type his [email protected] email to retrieve the OTP code to enroll WARP into Zero Trust
  • Never recieved the email, (we checked spam folder).

There’s a video of that: CleanShot 2022-08-09 at 11.36.15
Also here’s this user as seen per Cloudflare Zero Trust

Note that I asked of him to re-do the whole process but with a different email address:
[email protected] which has never onboarded on zero trust or any of our protected applications.

  • add the new email [email protected] to a group access policy that grant him access to at least 1 protected application.
  • have [email protected] click on “authenticate zero trust session” in the WARP client
  • have john.doe fill the team name required (our company name)
  • have him type his [email protected] email on the opened web portal to retrieve the OTP code to enroll WARP into Zero Trust
  • Never recieve the email, nor in spam.

Thanks for your help.
Associated ticket is https://support.cloudflare.com/hc/fr-fr/requests/2523622

Following the conversation in the Discord, I have escalated your ticket 2523622.

1 Like

Seems like that upgrading our licence to 70 didn’t solve the issue.
So it seems like it’s not a billing issue at the end.
But it’s still ongoing;

Can you confirm that your Zero Trust dashboard no longer shows you over your user limit as it did before?

Also that you have tried different email addresses and none of them are receiving the code?

CleanShot 2022-08-10 at 11.44.45

Yes, there’s no overquota right now.

I found interesting things:
This freelance one could enroll his device.
He got denied multiple times, not recieving code
Then he got granted yesterday and could work
And then this morning he was denied again without us updating any policies.

We got other cases where others freelancers has the status “Gateway Removed” (maybe due to inactivity in order to avoid paying licences when they’re not working for us for months.

I’m also seeing that 5 freelancers who has trouble retrieving OTP emails has the “Gateway: Removed” on their profile. (see screenshot)
I have no way to update that. Their WARP client is in Blue with “Zero Trust” meaning that the client is enrolled in our team.

Note that our policies explicitly require the Gateway check (to enforce they have warp ON and enrolled in order to secure their connection to our applications)

Your previous ticket was routed to your CSM due to it being entitlement/contract related. Do you have a technical support ticket for the OTP issue?

I suspect it is related to the Gateway status there.

1 Like

I have a ticket opened : https://support.cloudflare.com/hc/fr-fr/requests/2523622
Can you re-route it to technical please since adding more licence didn’t solve the problem ?

If you are on Enterprise then community escalations will not help you. I’d recommend opening a new ticket specifically addressing the OTP issues and solve that one as the quota increase unless you are already discussing the new issue there.

1 Like

:frowning: that’s like opening the same ticket, and waiting for a first reply again :frowning:
But will do, I just feel like I won’t have a solution for today too

Thanks

If you are on Enterprise you should get a response in a matter of a few hours and you have access to live chat as well, not sure if they will be able to help you there but you could try.

1 Like