Cloudflare Docs
Cloudflare Zero Trust
Edit this page on GitHub
Set theme to dark (⇧+D)

Device serial numbers

Cloudflare Zero Trust allows you to build Zero Trust rules based on device serial numbers. You can create these rules so that access to applications is granted only to users connecting from company devices.

​​ Prerequisites

  • Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to WARP client checks.

​​ Create a list of serial numbers

To create rules based on device serial numbers, you first need to create a Gateway List of numbers.

  1. In Zero Trust, go to My Team > Lists.

  2. Select Create manual list or Upload CSV. For larger teams, we recommend uploading a CSV or using Cloudflare’s API endpoint.

  3. Give your list a descriptive name, as this name will appear when configuring your policies.

  4. Set List Type to Serial numbers.

  5. Enter the serial numbers of the devices your team manages, or upload your CSV file.

  6. Select Save.

You can now create an Access policy or a Gateway network policy that checks if the device presents a serial number on your list. In Access, the serial number check will appear as a Device Posture - Serial Number List selector. In Gateway, your serial number list will appear in the Value dropdown when you choose the Passed Device Posture Check selector.

​​ Determine the serial number

​​ macOS

  1. Open a terminal window.

  2. Use the system_profiler command to check for the value of SPHardwareDataType and retrieve the serial number.

    system_profiler SPHardwareDataType | grep 'Serial Number'

​​ Windows

  1. Open a PowerShell window.

  2. Use the Get-CimInstance command to get the SerialNumber property of the Win32_BIOS class.

    Get-CimInstance Win32_BIOS

​​ Linux

  1. Open a Terminal Window

  2. Use the dmidecode command to get the version property system-serial-number.

    sudo dmidecode -s system-serial-number

​​ iOS, Android and ChromeOS

Serial number checks are not supported on mobile devices. You can identify mobile devices by a unique client ID instead of by serial number.