Cloudflare Zero Trust doesn't refresh access groups
I'm currently setting up access to an internal network using Cloudflare Tunnel with Zero Trust and WARP. For this purpose we added a new group for users to our identity provider and added that group as an Access Group to ZT. Then we adjusted a Firewall Policy that regulates traffic in our internal network to use this group for user access. However, Cloudflare doesn't seem to notice that this role has been assigned to my current user.
I re-signed into Cloudflare Zero Trust on the WARP client using an incognito browser window, so I guess Cloudflare should be able to detect that I am now part of that group and allow access.
Does anyone know how to debug or fix this?
3 Replies
This is what the testing mode from CF auth for our OIDC provider returns. As you can see, the Infra Developer group is present there.
We then have this Access Group, which is supposed to be given to everyone who has this role listed in our IdP.
And then in the Expression for our firewall policy we check it like this, which works with all other groups except this new group.