# Cloudflare Zero Trust

<table data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td>Time Required</td><td>1 Hour</td></tr><tr><td>Difficulty</td><td>Easy</td></tr><tr><td>Required Knowledge</td><td>SSH</td></tr></tbody></table>

## Set up Zero Trust

1. Browse to <https://one.dash.cloudflare.com/>
2. Follow the onscreen steps to create a Zero Trust organization
3. When prompted select the Free Zero Trust plan - you will still need to provide payment details

{% hint style="info" %}
Source: <https://developers.cloudflare.com/cloudflare-one/setup/#create-a-zero-trust-organization>
{% endhint %}

## Set up your first Access Policy

### Administrator / your policy

In this step, we will create your generic access policy. This policy will be configured to allow only your email address to access resources

1. Open your Zero Trust dashboard, <https://one.dash.cloudflare.com/>
2. On the left, select Access Controls > Policies
3. Click on Add a policy
   1. Basic Information:

      <table><thead><tr><th width="263"></th><th></th></tr></thead><tbody><tr><td>Policy Name</td><td>Your name or 'administrator'</td></tr><tr><td>Action</td><td>Allow</td></tr></tbody></table>
   2. Add rules:

      <table><thead><tr><th width="263"></th><th></th></tr></thead><tbody><tr><td>Selector</td><td>Emails</td></tr><tr><td>Value</td><td>Your email address and/or the list of other 'administrators'</td></tr></tbody></table>
4. Click on Save

### Friends and Family Policy

In this step, we will create your generic 'friends' access policy. This policy will be configured to allow specific friends, identified by email address, to access certain applications

This policy set is useful for specific items that you want to lock down to specific people

1. Open your Zero Trust dashboard, <https://one.dash.cloudflare.com/>
2. On the left, select Access Controls > Policies
3. Click on Add a policy
   1. Basic Information:

      <table><thead><tr><th width="263"></th><th></th></tr></thead><tbody><tr><td>Policy Name</td><td>Friends and Family</td></tr><tr><td>Action</td><td>Allow</td></tr></tbody></table>
   2. Add rules:

      <table><thead><tr><th width="263"></th><th></th></tr></thead><tbody><tr><td>Selector</td><td>Emails</td></tr><tr><td>Value</td><td>A list of email addresses you wish to allow</td></tr></tbody></table>
4. Click on Save

### Everyone Policy

In this step, we will create your generic 'everyone' access policy. This policy will be configured to allow ANYONE to authenticate

{% hint style="danger" %}
Any applications using the policy will be accessible to the public internet - use this with caution
{% endhint %}

1. Open your Zero Trust dashboard, <https://one.dash.cloudflare.com/>
2. On the left, select Access Controls > Policies
3. Click on Add a policy
   1. Basic Information:

      <table><thead><tr><th width="263"></th><th></th></tr></thead><tbody><tr><td>Policy Name</td><td>Public Internet</td></tr><tr><td>Action</td><td>Allow</td></tr></tbody></table>
   2. Add rules:

      <table><thead><tr><th width="263"></th><th></th></tr></thead><tbody><tr><td>Selector</td><td>Everyone</td></tr></tbody></table>
4. Click on Save

## Set up Wildcard application

This is your 'default' application for your site. Anything set to use policy `tld_default` in [Dockflare](/guides/other-guides/cloudflare/dockflare-tunnel-management.md) will use this *application* for its Authentication

1. Open your Zero Trust dashboard, <https://one.dash.cloudflare.com/>
2. On the left, select Access Controls > Applications
3. Click on Add Application
4. Select Self Hosted
   1. Application name: Your Domain name
   2. Click on 'Add public hostname'
      1. Subdomain: \*
      2. Select your first domain
   3. Access policies: Select existing, then select your Administrator policy
   4. Click on Next
   5. Click on Next
   6. Click on Save
5. Repeat for each domain

Now all of your subdomains are secured. If you wish to secure your root domain (e.g. example.com), follow the same steps but leave the Subdomain field (step 4.2.1) blank
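
An added example, not part of the original guide: once the applications exist, a short audit can list which hostnames use the Everyone selector and which root domains have a wildcard application but none of their own. The JSON is constructed sample data; its field names (`domain`, `decision`, `include`) are assumed to mirror Cloudflare Access API objects, and `public_apps` / `unprotected_roots` are hypothetical helper names.

```python
import json

# Constructed sample, shaped like Cloudflare Access application objects
# (assumed fields: "domain", "policies[].decision", "policies[].include").
SAMPLE_APPS = json.loads("""
[
  {"name": "example.com", "domain": "*.example.com",
   "policies": [{"name": "administrator", "decision": "allow",
                 "include": [{"email": {"email": "admin@example.com"}}]}]},
  {"name": "status page", "domain": "status.example.com",
   "policies": [{"name": "Public Internet", "decision": "allow",
                 "include": [{"everyone": {}}]}]},
  {"name": "example.net", "domain": "*.example.net",
   "policies": [{"name": "Friends and Family", "decision": "allow",
                 "include": [{"email": {"email": "friend@example.org"}}]}]},
  {"name": "example.net root", "domain": "example.net",
   "policies": [{"name": "administrator", "decision": "allow",
                 "include": [{"email": {"email": "admin@example.com"}}]}]}
]
""")


def public_apps(apps):
    """Hostnames of apps where an Allow policy includes the Everyone selector."""
    return sorted(
        app["domain"] for app in apps
        if any(p.get("decision") == "allow"
               and any("everyone" in rule for rule in p.get("include", []))
               for p in app.get("policies", []))
    )


def unprotected_roots(apps):
    """Root domains that have a wildcard app but no app for the root itself."""
    domains = {app["domain"].lower() for app in apps}
    roots = {d[2:] for d in domains if d.startswith("*.")}
    return sorted(r for r in roots if r not in domains)


if __name__ == "__main__":
    print("Public (Everyone) apps:", public_apps(SAMPLE_APPS))
    print("Roots without their own app:", unprotected_roots(SAMPLE_APPS))
```
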


