Build an enrollment policy
Cloudflare for Teams allows you to establish which users in your organization can enroll new devices or revoke access to connected devices. To do that, you can create a device enrollment rule on the Teams dashboard.
Click Device enrollment on the top-right corner.
In the rule builder, configure a rule to define who can enroll or revoke devices.
In this example, only users with
cloudflare.comemail addresses who successfully authenticate during device enrollment through the WARP client will be able to enroll in the organization. This rule prevents outsider users from sending traffic through your account and will give your organization the ability to capture user profile logs and apply profile-specific rules.
- Click Save.
End users can now download WARP (or have it made available via MDM) and enroll their device.
Once installed, click the gear icon.
Under the Account tab, click Login with Cloudflare for Teams.
The user must input your Cloudflare for Teams org name. You can find your team's name under the Authentication tab in the Access section of the sidebar.
The user will be prompted to login with the identity provider configured in Cloudflare Access. Once authenticated, the client will update to Teams mode. You can click the gear to toggle between DNS filtering or full proxy.