# `secure.mydomain.com` Cloudflare One OTP sign in "That account does not have access. "

zenith glade

I'm hoping to use Cloudflare One's OTP sign-in method to secure access to an R2 file share at secure.mydomain.com in the web browser.

In Cloudflare One I configured an app with a public URL of secure.mydomain.com.

The OTP sign-in method is enabled.

I've tried adding (and not adding) email policies that match my Cloudflare account's email to the app and to the "application launcher", with no effect.

When I visit secure.mydomain.com and enter my Cloudflare account email and a bogus code, I am presented with "That account does not have access. ". I also do not receive an OTP code.

I've followed [1] and have gone so far as to add an "allow everyone" policy to my app as a temporary test. No success.

[1] https://www.rydercragie.com/articles/how-to-restrict-access-to-a-website-or-r2-bucket-with-cloudflare-zero-trust

faint flame BOT
Support AI

Based on the provided documentation, it seems that you have correctly configured the OTP sign-in method and added the public URL of secure.mydomain.com to the Cloudflare One app.

However, to grant access to the R2 file share, you need to add an Access policy that explicitly allows the group your user account is associated with. According to the documentation, you can do this by adding your email address to an Access policy (https://developers.cloudflare.com/cloudflare-one/access-controls/policies/policy-management/#create-a-policy).

Additionally, you can also try visiting the custom domain you connected to your R2 bucket, which should present a Cloudflare Access authentication page with your selected identity provider(s) and/or authentication methods (https://developers.cloudflare.com/r2/tutorials/cloudflare-access/#4-test-your-access-policy).

If you are still having issues, please ensure that you have correctly configured the OTP sign-in method and that your email address is added to the correct Access policy.

zenith glade

Edit: it looks like I have received a single Cloudflare OTP, delayed by over 20 minutes. Maybe I just need to wait an hour after clicking the "send an email" button.

zenith glade

oh, that won't work

Device enrollment permissions might be the relevant permission