Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Workspace ONE

Feature availability
Operating systems WARP mode required Zero Trust plans
macOS, Windows, Linux WARP with Gateway All plans

Device posture with Workspace ONE requires the Workspace ONE agent and the Cloudflare WARP client to be deployed on your devices. For this integration to function, our service-to-service posture check relies on the serial_number being the same in both clients. Follow the instructions below to set up the posture check.

​​ 1. Obtain Workspace ONE Settings

The following Workspace ONE values are needed to set up the Workspace ONE posture check:

  • ClientID
  • Client Secret
  • Region-Specific token URL

To retrieve those values:

  1. Log in to your Workspace ONE dashboard.
  2. Go to Groups & Settings > Configurations.
  3. Enter OAuth in the search bar labeled Enter a name or category.
  4. Select OAuth Client Management in the results. The OAuth Client Management screen displays.
  5. Select Add.
  6. Enter values for the Name, Description, Organization Group, and Role.
  7. Ensure that the Status is Enabled.
  8. Select Save.
  9. Copy the Client ID and Client Secret to a safe place.
  10. To obtain your REST API URL, gp tp Groups & Settings > All Settings > System > Advance > Site URLs > REST API URL.
  11. Retrieve the Region-Specific Token URL from Workspace ONE and copy it to a safe place.

​​ 2. Add Workspace ONE as a service provider

  1. Go to Settings > Devices > Device posture providers and select Add new.
  2. Select Workspace ONE.
  3. Give your provider a name. This name will be used throughout the dashboard to reference this connection.
  4. Enter the Client ID and Client secret you noted down above.
  5. Select a Polling frequency for how often Cloudflare Zero Trust should query Workspace ONE for information.
  6. Enter the Region-specific token URL and REST API URL you noted down above.
  7. Select Save.
You will see the new provider listed under Settings > WARP Client > Device posture providers. To ensure the values have been entered correctly, select Test.

​​ 3. Configure the posture check

  1. In Zero Trust, go to Settings > WARP Client > Service provider checks.
  2. Select Add new.
  3. Select the Workspace ONE provider.
  4. Configure a device posture check and enter any name.
  5. Select Save.

Next, go to Logs > Posture and verify that the service provider posture check is returning the expected results.

​​ Device posture attributes

Workspace ONE posture checks work with the Compliance flags in Workspace ONE. All compliance tests must pass for the device to be considered compliant.