Skip to content
Cloudflare for Teams
Visit Cloudflare for Teams on GitHub
Set theme to dark (⇧+D)

Self-hosted applications

Cloudflare Access allows you to securely publish internal tools and applications to the Internet, by providing an authentication layer using your existing identity providers to control who has access to your applications.

Self-hosted applications diagram

Make sure you create Zero Trust policies before connecting your application to Cloudflare. To connect your origin to Cloudflare, you can use Cloudflare Tunnel. If you do not wish to use Cloudflare Tunnel, you must validate the token issued by Cloudflare on your origin.

1. Add your application

  1. On the Teams dashboard, navigate to Access > Applications.

  2. Click Add an application.

  3. Select Self-hosted.

    Access Saas and Self-Hosted

    You are now ready to start configuring your app.

  4. Choose an application name and set a session duration.

    Set application name

  5. From the drop-down menu under Application domain, select a hostname that will represent the application. The hostname must be an active zone in your Cloudflare account.

  6. Scroll down to the Application logo card to configure your application logo. To add a custom logo, click Custom and input a link to your desired image.

    Set application logo

  7. Next, scroll down to the Identity Providers card to select the identity providers you want to enable for your app.

    Select identity providers

  8. Turn on Instant Auth if you are selecting only one login method for your application, and would like your end users to skip the identity provider selection step.

  9. Click Next.

2. Add a policy

You can now configure a policy to control who can access your app.

To learn more about how policies work, read our Policies section.

  1. First, specify a name for your rule. This is a mandatory field.

  2. Specify a policy action.

  3. Specify one or more rules in the Configure a rule box. You can add as many include, exception, or require statements as needed.

  4. Click Next to add your application to Access.

3. Advanced settings

The Setup section allows you to configure a few advanced settings for your application.

  1. Configure Cross-Origin Resource Sharing (CORS) settings.

    Advanced settings

  2. Configure cookie settings. For more information, you can read about session management here.

    Cookies and cloudflared settings

  3. Configure cloudflared settings. For more information, read more about automatic cloudflared authentication.

  4. Once you've configured the settings as needed, click Add application.

Your application is now available in Cloudflare Access, and will appear in your Applications list. You can proceed with connecting your origin to Cloudflare using this address.