Secure with Cloudflare Access

Cloudflare Access provides visibility and control over who has access to your custom hostnames. You can allow or block users based on identity, device posture, and other Access rules.

Prerequisites

• You must have an active custom hostname. For setup instructions, refer to Configuring Cloudflare for SaaS.
• You must have a Cloudflare Zero Trust plan in your SaaS provider account. Learn more about getting started with Zero Trust.
• You can only run Access on custom hostnames if they are managed externally to Cloudflare or in a separate Cloudflare account. If the custom hostname zone is in the same account as the SaaS zone, the Access application will not be applied.

Setup

1. At your SaaS provider account, select Zero Trust ↗.
2. Go to Access > Applications.
3. Select Add an application and, for type of application, select Self-hosted.
4. Enter a name for your Access application and, in Session Duration, choose how often the user’s application token should expire.
5. In the Domain field, insert the custom hostname (for example, mycustomhostname.com) and press enter. The custom hostname will not appear in the dropdown and must be manually entered.

   Domain field validation

   Since the custom hostname zone must be managed externally to Cloudflare or in a separate Cloudflare account, it is expected that you find a validation warning Zone is not associated with the current account. You can proceed with the configuration despite this message.

6. Follow the remaining self-hosted application creation steps to publish the application.