Skip to content
Cloudflare Docs
DirectoryAPISDKsChangelog

MDM deployment

Organizations can deploy and manage the Cloudflare One Client (formerly WARP) across their fleet of devices in two complementary ways:

  • Through a mobility management solution (MDM) — Push the client installer and its deployment parameters using a tool such as Intune, JAMF, Kandji, or JumpCloud, or by executing an .msi file on desktop machines. This page covers the MDM-driven workflow.
  • From the Cloudflare dashboard — Manage client versions for groups of devices directly from the Zero Trust dashboard, without relying on a third-party MDM solution. For more information, refer to Client version assignments.

MDM policy file

Refer to our managed deployment instructions and create a .plist, mdm.xml, or .msi policy file based on your organization's software management tool.

MDM parameters that you specify in a local policy file will overrule any device client settings configured in the dashboard.

Therefore, we recommend that your policy file only contain the organization name and potentially the onboarding flag, relying on the dashboard to configure the remaining device settings.

<dict>
  <key>organization</key>
  <string>your-team-name</string>
  <key>onboarding</key>
  <false/>
</dict>

  1. In the Cloudflare dashboard, select Zero Trust.

  2. On the onboarding screen, choose a team name. The team name is a unique, internal identifier for your Zero Trust organization. Users will enter this team name when they enroll their device manually, and it will be the subdomain for your App Launcher (as relevant). Your business name is the typical entry.

    You can find your team name in the Cloudflare dashboard by going to Zero Trust > Settings.

  3. Complete your onboarding by selecting a subscription plan and entering your payment details. If you chose the Zero Trust Free plan, this step is still needed but you will not be charged.

When you create your organization, Cloudflare automatically adds the Cloudflare identity provider as your default login method, so your users can sign in with their Cloudflare account credentials right away. You can add a one-time PIN or connect a third-party identity provider at any time.