Temporary authentication

With Cloudflare Access, you can require that users obtain approval before they can access a specific self-hosted application or SaaS application. The administrator will receive an email notification to approve or deny the request. Unlike a typical Allow policy, the user will have to request access at the end of each session. This allows you to define the users who should have persistent access and those who must request temporary access.

Set up temporary authentication

1. In Zero Trust ↗, go to Access > Applications.
2. Choose a Self-hosted or SaaS application and select Configure.
3. Choose an Allow policy and select Configure.
4. Under Additional settings, turn on Purpose justification.
5. Turn on Temporary authentication.
6. Enter the Email addresses of the approvers.

   Note

   Your approvers must be authenticated by Access. If they do not have an active session, Access will verify their identity against your App Launcher Access policy.

7. Save the policy.

Temporary authentication is now enabled for users who match this policy. You can optionally add a second Allow policy for users who should have persistent access. Be sure the policy order is set to allow persistent users through.

Temporary authentication requests

Approvers will receive a request similar to the example below. The approver can then grant access for a set amount of time, up to a maximum of 24 hours.

Was this helpful?

What did you like?

Accurate

Easy to understand

Solved my problem

Helped me decide to use the product

Other

What went wrong?

Hard to understand

Incorrect information

Missing the information

Other

Thank you for helping improve Cloudflare's documentation!