With Cloudflare Access, you can require that users obtain approval before they can access a specific self-hosted application or SaaS application. The administrator will receive an email notification to approve or deny the request. Unlike a typical Allow policy, the user will have to request access at the end of each session. This allows you to define the users who should have persistent access and those who must request temporary access.
- InCloudflare One ↗, go toAccess controls >Applications.
- Choose aSelf-hosted orSaaS application and selectConfigure.
- Choose anAllow policy and selectConfigure.
- UnderAdditional settings, turn onPurpose justification.
- Turn onTemporary authentication.
- Enter theEmail addresses of the approvers.
Your approvers must be authenticated by Access. If they do not have an active session, Access will verify their identity against yourApp Launcher Access policy.
- Save the policy.
Temporary authentication is now enabled for users who match this policy. You can optionally add a secondAllow policy for users who should have persistent access. Be sure the policy order is set to allow persistent users through.
Approvers will receive a request similar to the example below. The approver can then grant access for a set amount of time, up to a maximum of 24 hours.
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
