Cloudflare Docs
Cloudflare Zero Trust
Edit this page on GitHub
Set theme to dark (⇧+D)

Device UUID

Cloudflare Zero Trust allows you to build Zero Trust rules based on device UUIDs supplied in an MDM file. You can create these rules so that access to applications is granted only to users connecting from company devices.

​​ Prerequisites

  • Cloudflare WARP client is deployed on the device. For a list of supported modes and operating systems, refer to WARP client checks.

​​ 1. Assign UUIDs to devices

You will need to use a managed deployment tool to assign UUIDs. It is not possible to assign them manually.

  1. Generate a unique identifier for each corporate device. For best practices on choosing UUIDs, refer to the Android documentation.

  2. Enter the UUIDs into your MDM configuration file using the unique_client_id key.

​​ 2. Create a list of UUIDs

To create rules based on device UUIDs, you first need to create a Gateway List of UUIDs.

  1. In Zero Trust, go to My Team > Lists.

  2. Select Create manual list or Upload CSV. For larger teams, we recommend uploading a CSV or using Cloudflare’s API endpoint.

  3. Give your list a descriptive name, as this name will appear when configuring your policies.

  4. Set List Type to Device IDs.

  5. Enter the UUIDs of the devices your team manages, or upload your CSV file.

  6. Select Save.

​​ 3. Enable the posture check

  1. In Zero Trust, go to Settings > WARP Client.

  2. Scroll down to WARP client checks and select Add new.

  3. Select Unique Client ID.

  4. You will be prompted for the following information:

    • Name: Enter a unique name for this device posture check.
    • Operating system: Select the operating system of the device.
    • List: Select your list of UUIDs.
  5. Select Save.

  6. Verify that the posture check is returning the expected results.

You can now create an Access or Gateway device posture policy that checks if the device presents a UUID on your list.