These guides assume you already have the WARP Client installed. If you don't, please go to our Warp Client Install document and follow the instructions there. To find the Cloudflare team name needed for this configuration, go to Profile > User Settings > Gateway.
Windows
Go to Account preferences in the client, and click Login with Cloudflare for Teams.
Fill in the team name and click OK:
Login to the WARP authentication website (pops up automatically). Use your whitelisted "@wearehackerone.com" email address.
Note: Please use your @wearehackerone.com alias.
Authentication successful, register client into the program
Click the "Open Cloudflare WARP" button
Client changed
macOS
Go to Account preferences in the client.
Click the Account tab, then click Login with Cloudflare Zero Trust.
Fill in the team name and click Done:
Login to the WARP authentication website (pops up automatically). Use your whitelisted "@wearehackerone.com" email address.
Note: Please use your @wearehackerone.com alias.
Authentication successful, register client into the program
Click the "Open Cloudflare WARP" button
Client changed
The client should now display "Zero Trust" instead of "WARP"
Linux
To connect for the very first time you must register first warp in your system. Register the client:
warp-cli register
Note: (Repeat in case of API error)
Convert WARP to Zero Trust, by logging into the team domain:
warp-cli teams-enroll [team-name]
Navigate to the domain page, add your whitelisted e-mail address, get the one-pin, and connect
A browser window should open at the following URL: https://[team-name].cloudflareaccess.com/warp If the browser fails to open, please visit the URL above directly in your browser.
Note: Please use the same email you registered with HackerOne.
CLI-only login Alternatively if you have CLI-only access you can:
warp-cli teams-enroll [team-name]
After this open the URL listed in the output on your local machine, or via a terminal-based browser. Then within 30 seconds of authenticating. Copy the token and use it in the terminal:
warp-cli teams-enroll-token com.cloudflare.warp://[team-name].cloudflareaccess.com/auth?token=[token]
If the timer runs out before you enter the token you will get the following error:
Error: Invalid JWT provided.
Connect the WARP Client
warp-cli connect warp-cli status -> Must show "Status update: Connected" warp-cli account -> will show if connecting to account was successful
Troubleshooting
Split Tunnel Policy
It is possible to check the split-tunnel policy from the client.
The same is possible from the command line:
warp-cli settings
That will return something like:
Merged configuration: Always On: true Switch Locked: false Mode: WarpWithDnsOverHttps Cloudflare for Families: Off Disabled for Wifi: false Disabled for Ethernet: false Gateway Id: [gateway_id] Onboarding: true Include mode, with hosts/ips: ifconfig.me Fallback domains: home.arpa ...