Cloudflare Docs
Cloudflare Zero Trust
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Get started

This guide covers the recommended steps to start securing your users and devices with Cloudflare Zero Trust.

​​ Prerequisites

Sign up for a Cloudflare account.

​​ Create a Zero Trust organization

  1. On your Account Home in the Cloudflare dashboard, select the Zero Trust icon.

  2. On the onboarding screen, choose a team name. The team name is a unique, internal identifier for your Zero Trust organization. Users will enter this team name when they enroll their device manually, and it will be the subdomain for your App Launcher (as relevant). Your business name is the typical entry.

  3. Complete your onboarding by selecting a subscription plan and entering your payment details. If you chose the Zero Trust Free plan, this step is still needed but you will not be charged.

Welcome to Cloudflare Zero Trust! You can now explore a list of one-click actions we have designed to help you kickstart your Zero Trust experience.

​​ Install the WARP client on your devices

If you want to enable security features such as Browser Isolation, HTTP filtering, AV scanning, and device posture, or connect networks to Cloudflare, here are the next steps you need to take:

  1. Set up a login method. Configure One-time PIN or connect a third-party identity provider in Zero Trust. This is the login method your users will utilize when authenticating to add a new device to your Zero Trust setup.

  2. Next, define device enrollment permissions. Create device enrollment rules to define which users in your organization should be able to connect devices to your organization’s Zero Trust setup. As you create your rule, you will be asked to select which login method you would like users to authenticate with.

  3. Install the Cloudflare root certificate on your devices. Advanced security features including HTTP traffic inspection require users to install and trust the Cloudflare root certificate on their machine or device. If you are installing certificates manually on all your devices, these steps will need to be performed on each new device that is to be subject to HTTP filtering.

  4. Download and deploy the WARP client to your devices. Choose one of the different ways to deploy the WARP client, depending on what works best for your organization.

  5. Log in to your organization’s Cloudflare Zero Trust instance from your devices. On your device, go to the Settings section in the WARP client and insert your organization’s team name.

Your devices are now connected to Cloudflare Zero Trust through the WARP client. You can go to My Team > Devices to find a list of your enrolled devices, when they were last seen, and the WARP client version they are running.

Next, enforce security policies on your traffic and access requests.