Skip to content
Cloudflare Docs logomark
Cloudflare
Docs
Cloudflare-One
Navigation menu icon
Open external link
Cloudflare Docs logomark
Cloudflare
Docs
Cloudflare Zero Trust
Dropdown icon
Cloudflare Zero Trust menu
Blog: Introducing Cloudflare One
Cloudflare for Teams pricing
Cloudflare homepage
Overview
Get started
Tutorials
Expand: Identity
Identity
One-time PIN login
Expand: SSO integration
SSO integration
Generic SAML 2.0
SAML | Centrify
Azure AD®
SAML | OneLogin
SAML | Jumpcloud
SAML | Active Directory®
PingFederate®
PingOne®
SAML | Citrix ADC
SAML | Signed AuthN requests
SAML | Keycloak
Generic OIDC
OneLogin OIDC
Centrify
Facebook
GitHub
Google
Google Workspace
LinkedIn
Okta
Okta (SAML)
Yandex
Expand: Device posture
Device posture
Expand: WARP client checks
WARP client checks
Application check
Carbon Black
Device serial numbers
Disk encryption
Domain joined
File check
Firewall
OS version
Require Gateway
Require WARP
SentinelOne
Expand: Service providers
Service providers
CrowdStrike
Microsoft Endpoint Manager
Uptycs
Workspace ONE
Expand: Access integrations
Access integrations
Azure AD
Mutual TLS
Tanium
Uptycs
Expand: User management
User management
Access groups
Session management
Seat management
Short-lived certificates
Expand: Access JWTs
Access JWTs
Validate JWTs
Application token
Service tokens
Login page
Expand: Connections
Connections
Expand: Cloudflare Tunnel
Cloudflare Tunnel
Expand: Get started
Get started
Expand: Set up a tunnel
Set up a tunnel
Expand: Via the dashboard
Via the dashboard
Configuration
Expand: Via the command line
Via the command line
Expand: Configuration
Configuration
Configuration file
Ingress rules
Cloudflared parameters
Run a tunnel
Expand: Run as a service
Run as a service
Linux
macOS
Windows
Useful commands
Tunnel availability and failover
Tunnel permissions
Useful terms
Downloads
GitHub
External link icon
Open external link
Expand: Private networks
Private networks
Connect private networks
Private hostnames and IPs
Tunnel Virtual Networks
Expand: Public hostnames
Public hostnames
DNS record
Load balancers
Expand: Tunnel administration
Tunnel administration
AWS
Azure
GCP
Kubernetes
Expand: Do more with Tunnel
Do more with Tunnel
Secure the server
Ports and IPs
Migrate legacy tunnels
Quick Tunnels
Tunnel hosting requirements
Expand: License
License
Copyrights
Expand: Connect devices
Connect devices
Expand: WARP
WARP
First-time setup
Download WARP
Install the Cloudflare certificate
Expand: Deploy WARP
Deploy WARP
Expand: Managed deployment
Managed deployment
Expand: Partners
Partners
Hexnode
Intune
Jamf
JumpCloud
Kandji
Parameters
Manual deployment
WARP with firewall
WARP with legacy VPN
Expand: Bypass WARP
Bypass WARP
Local Domain Fallback
Split Tunnels
WARP settings
Remove WARP
Expand: Agentless options
Agentless options
Expand: DNS
DNS
Expand: Add locations
Add locations
DNS resolver IPs and hostnames
DNS over HTTPS
DNS over TLS
Native OS
Router setup
HTTP
Expand: Applications
Applications
Expand: Add web applications
Add web applications
SaaS applications
Self-hosted applications
Cloudflare dashboard SSO application
Expand: Add non-HTTP applications
Add non-HTTP applications
Arbitrary TCP
Expand: Scan SaaS applications
Scan SaaS applications
Expand: Available integrations
Available integrations
Google Workspace
Microsoft 365
Add bookmarks
App Launcher
Expand: Policies
Policies
Expand: Secure Web Gateway
Secure Web Gateway
Expand: Get started
Get started
DNS filtering
Network filtering
HTTP filtering
Expand: DNS policies
DNS policies
Common policies
Check that a policy is working
DNS Categories
Expand: Network policies
Network policies
Common policies
SSH proxy and command logs
Expand: HTTP policies
HTTP policies
Common policies
Global rules
Order of enforcement
Expand: Data Loss Prevention
Data Loss Prevention
Predefined DLP Profiles
Incompatible traffic
Tenant control
AV scanning
Applications and app types
Identity-based policies
Block page
WARP session duration
Lists
Dedicated egress IPs
Expand: Access
Access
Policy management
Require Purpose Justification
CORS
External Evaluation rules
Application paths
Enforce MFA
Temporary authentication
Expand: Browser Isolation
Browser Isolation
Accessibility
Setup
Known limitations
Clientless Web Isolation
Extensions
Browser Isolation with firewall
Expand: Analytics
Analytics
Shadow IT Discovery
Gateway Analytics
User logs
Expand: Zero Trust logs
Zero Trust logs
Expand: Gateway Activity logs
Gateway Activity logs
Manage PII
Access Audit logs
Tunnel Audit logs
Expand: API and Terraform
API and Terraform
Access API examples
Scoped API tokens
Terraform
Glossary
Account limits
Roles and permissions
FAQ
Search icon (depiction of a magnifying glass)
/
Give Feedback
GitHub icon
Visit Cloudflare Zero Trust on GitHub
Light theme icon (depiction of a sun)
Dark theme icon (depiction of a moon)
Set theme to dark (⇧+D)
Agentless DNS filtering
Add locations
DNS over HTTPS
DNS over TLS
Native OS
Router setup