Configure Client for a specific Program

These guides assume you already have the WARP Client installed, if you haven't please go to: Warp Client Install

Configuration

macOS

  1. Go to account preferences in the client.
  2. Fill in the team domain:

image

Note: If you do not know the team domain please contact support.

  1. Login to the WARP authentication website (pops-up automatically). Use your whitelisted e-mail address.

image

Note: Please use the same email you registered with HackerOne.

  1. Authentication succesfull, register client into program

Click the "Open Cloudflare WARP" button image

  1. Client changed

The client should now display "Zero Trust" instead of "WARP" image

Windows

  1. Go to account preferences in the client.

Click "account" tab image

  1. Fill in the team domain:

image

Note: If you do not know the team domain please contact support.

  1. Login to the WARP authentication website (pops-up automatically). Use your whitelisted e-mail address.

image

Note: Please use the same email you registered with HackerOne.

  1. Authentication succesfull, register client into program

Click the "Open Cloudflare WARP" button image

  1. Client changed

The client should now display "Zero Trust" instead of "WARP" image

Linux

  1. To connect for the very first time you must register first warp in your system. Register the client
warp-cli register

Note: (Repeat in case of API error)

  1. Convert WARP to Zero Trust, by logging into the team domain
warp-cli teams-enroll [team-domain]

Note: If you do not know the team domain please contact support.

  1. Navigate to the domain page, add your whitelisted e-mail address, get the one-pin and connect
A browser window should open at the following URL:
https://[team-domain].cloudflareaccess.com/warp 
If the browser fails to open, please visit the URL above directly in your browser.

Note: Please use the same email you registered with HackerOne.

3a. CLI only login Alternatively if you have CLI only access you can:

warp-cli teams-enroll [team-domain]

After this open the URL listed in the output on you local machine, or via terminal based browser. Then within 30 seconds of authenticating. Copy the token and use it in terminal: screenshot

warp-cli teams-enroll-token com.cloudflare.warp://[team-domain].cloudflareaccess.com/auth?token=[token]

If the timer runs out before you enter the token you will get the following error:

Error: Invalid JWT provided.
  1. Connect the WARP Client
warp-cli connect
warp-cli status -> Must show "Status update: Connected"
warp-cli account -> will show if connecting to account was successful

Troubleshooting

Split tunnel policy

It is possible to check the split-tunnel policy from the client.
In Settings go to Advanced
Click on the button Split Tunnel image

The same is possible from the command-line:

warp-cli settings

Which will return something like

$ warp-cli settings
Merged configuration:
Always On: true
Switch Locked: false
Mode: WarpWithDnsOverHttps
Cloudflare for Families: Off
Disabled for Wifi: false
Disabled for Ethernet: false
Gateway Id: [gateway_id]
Onboarding: true
Include mode, with hosts/ips:
  ifconfig.me
Fallback domains:
  home.arpa
...