Cloudflare Access allows you to securely publish internal tools and applications to the Internet by providing an authentication layer between the end user and your origin server. You can use signals from your existing identity providers (IdPs), device posture providers, and other rules to control who can access your application.

Each application can have multiple policies with different constraints depending on what user group is accessing the application. For example, you can create one policy that requires corporate users to present specific device posture checks or mutual TLS authentication events, and a second policy for contractors which does not require these attributes.

Add your application to Access

In Zero Trust ↗, go to Access > Applications. Select Add an application. Select Self-hosted. Enter any name for the application. In Session Duration, choose how often the user's application token should expire. Cloudflare checks every HTTP request to your application for a valid application token. If the user's application token (and global token) has expired, they will be prompted to reauthenticate with the IdP. For more information, refer to Session management.

When users go to the application, they will be prompted to login with your identity provider.