Enforce WARP session duration
Cloudflare Zero Trust allows you to enforce session durations on Gateway Network and HTTP policies. Once a session expires, a user will be prompted to re-authenticate with the identity provider they used to enroll in the WARP client.
Prerequisites
Ensure that traffic can reach your IdP and <your-team-name>.cloudflareaccess.com
through WARP.
Configure session duration
You can configure a WARP session for any Allow policy. To configure a session:
- In Zero Trust, navigate to either Gateway > Firewall Policies > Network or Gateway > Firewall Policies > HTTP.
- Create a policy and select the Allow action. Alternatively, choose any existing Allow policy.
- Under Step 4 - Configure policy settings, select Edit next to Enforce WARP client session duration.
- Enter a session expiration time in
1h30m0s
format and save. - Save the policy.
Session checks are now enabled for the application protected by this policy.
Limitations
- Only one user per device — If a device is already registered with User A, User B will not be able to log in on that device through the re-authentication flow. You can revoke a device registration by going to My Team > Devices.