How do I configure SMS Auth for Access Applications?
I'm trying to setup access control for a subdomain (test.mydomain.com) and I want to setup the SMS authentication, so whenever someone visits that subdomain, they're required to authenticate with a valid phone number.
However, I'm not sure how to configure SMS auth.
14 Replies
i don't think sms authentication is an option for zt, and it shouldn't be
It is an option for access application
I'm able to choose it
I just dont know how to configure it
Do you mean the authentication method drop down in an Access Policy?
Yes
That only works if you have a supported identity provider set up. All it does it checks that the user used MFA at the IDP
https://developers.cloudflare.com/cloudflare-one/policies/access/mfa-requirements/
Alright thank you
I have another question
how would I setup an access application policy for an ssh tunnel ?
There is nothing different about an access policy for SSH. The only difference is that under the access application you can enable browser rendering
Well right now I have an email access policy for my proxmox subdomain, so when someone visits, they're required to enter their email, enter the code they get on their email and then they gain access to the proxmox interface. However, with SSH that doesn't work, I've tried setting up email authentication the exact same way for my ssh subdomain but no authentication is required when I try to ssh in.
How are you SSHing in?
Are you following https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication/#2-connect-as-a-user
Yes I've done all of that
So if you run
cloudflared access ssh --hostname <your hostname> on the client it works?It prints out: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
Then you are going through access and should see it in your access logs
I am going through access?
What do you mean
Oh
wait
I got it to work