An application must be using Cloudflare (you can see if a subdomain is on Cloudflare by checking for the orange cloud in the DNS tab) to use Access.
Login to the Cloudflare dashboard. Click the ‘Access’ tile in the nav bar to visit the Access configuration.
Each user of Cloudflare Access lives on their own authentication domain. This domain will show in the address bar while the user is authenticating onto your site. This domain will be shared for all the sites hosted on your Cloudflare account. This domain is necessary, as it is used by Cloudflare to store the cookie used to identify authenticated users.
Your identity provider is the service your user’s will login against to authenticate with your site. For example, if you use Google Apps, connect Google as your identity provider. It should be a service where your user’s to already have an account.
If you don’t have an identity provider, you can use the One-Time Pin integration, which will email your visitors a one-time pin they can use to authenticate as long as they are included in your policy criteria. The One-Time Pin option is enabled by default. To integrate with an identity provider, follow the instructions below:
Select which identity provider you wish to add. The current supported identity providers are:
Follow the identity provider-specific options.
Access policies define who can and can’t visit a given location on your site. A collection of policies are saved as an Application.
@cloudflare.comto allow everyone in your organization.
Visit the subdomain or path where Access is configured and attempt to connect.
Continue to add policies to any portions of your site you would like to keep private (like development sites and internal resources), and to any external services which have subdomains on your site (like Box or Google Apps for Business).