Add a self-hosted application
Cloudflare Access allows you to securely publish internal tools and applications to the Internet by providing an authentication layer between the end user and your origin. You can use signals from your existing identity providers (IdPs), device posture providers, and to control who can access your application.
1. Add your application to Access
Select Add an application.
Enter any name for the application.
Choose a Session Duration. The session duration determines the minimum frequency for which a user will be prompted to authenticate with the configured IdP. If you want users to re-authenticate every time they reach your application, select No duration, expires immediately.
In Application domain, enter the domains that will represent the application.
Under Block pages, choose what end users will see when they are denied access to the application:
In the Identity Providers card, select the identity providers you want to enable for your app.
(Optional) Turn on Instant Auth if you selected only one IdP and want users to skip the identity provider selection step.
2. Add an Access policy
Enter any name for your rule.
(Optional) Customize the login experience for users who match this policy:
3. (Optional) Configure advanced settings
You can configure the following advanced settings for your application:
To finish configuring the application, select Add application.
4. Connect your origin to Cloudflare
5. Validate the Access token
One option is to configure the Cloudflare Tunnel daemon,
cloudflared, to validate the token on your behalf. This is done by enabling in your Cloudflare Tunnel settings. If you do not wish to use Cloudflare Tunnel, you can to check all requests for a valid token.
Users can now connect to your self-hosted application after authenticating with Cloudflare Access.
When using Access self-hosted applications, the majority of Cloudflare products will be compatible with your application.
However, the following products are not supported: