I was playing around with OpenClaw the other day and built a dashboard to monitor my agent's activity. Deployed it on a subdomain, felt great about it — and then…
I was playing around with OpenClaw the other day and built a dashboard to monitor my agent's activity. Deployed it on a subdomain, felt great about it — and then it hit me.
This thing is publicly accessible to anyone.
I needed to put it behind a login, but I didn't want to spend hours writing auth code or setting up a backend just to protect one dashboard. So I started looking for a quick solution, and that's when I stumbled across Cloudflare Zero Trust.
It genuinely blew my mind. What took developers hours to build, Cloudflare lets you set up in under 10 minutes — for free.
If you're building web apps and dashboards using AI agents like OpenClaw or Codex, this is something you absolutely need to know about.
What Is Cloudflare Zero Trust?
Think of it as a security layer you put in front of your web app — one that Cloudflare manages for you.
Instead of someone being able to directly open your web app's URL, Cloudflare intercepts the request and shows a login screen first. Only the people you've whitelisted (by email, domain, or Google account) can get through. No code changes needed on your end. No backend tweaks. Cloudflare just sits in front of your app and handles everything.
It's part of Cloudflare's SASE product suite — and the best part is, the free plan supports up to 50 users and applications. For solo builders and small teams, that's more than enough.
If you haven't heard of these yet, you're going to love what's happening right now.
OpenClaw is an AI agent platform that lets you automate tasks, build workflows, and even generate working web apps — without being a developer. You describe what you want, and the agent figures out the code and deployment. I use it daily for automation and recently built a monitoring dashboard with it in a single session.
Codex (by OpenAI) is a similar AI coding assistant — give it a prompt, and it writes and deploys functional code for you.
Here's what this means in practice: people who have never coded before are now spinning up web apps and dashboards every week. That's incredible. But it also means those apps are sitting exposed on the internet with zero protection. Cloudflare Zero Trust is the easiest way to fix that — and now that you're building with AI, there's really no excuse not to add this layer.
How to Add Google Login to Your Web App Using Cloudflare Zero Trust
Alright, let's get started. This will take you about 10 minutes.
Log in with your Cloudflare account. If you don't have one, creating a free account takes 2 minutes.
Step 2: Go to Access → Applications
In the left sidebar, click Access → Applications.
This is where you manage all the apps you want to protect.
Step 3: Click "Add an Application"
Hit the Add an application button on the top right.
Step 4: Select "Self-hosted"
You'll see a few options — choose Self-hosted. This is for apps running on your own domain or subdomain.
Step 5: Fill in Your Application Details
Now fill in the basic information:
Application name: Give it something recognizable — e.g., My Amazing App Dashboard
Session duration: Set it to 24 hours (so you're not logging in every hour)
Under Application domain:
Subdomain: Enter your subdomain (e.g., dashboard)
Domain: Select your domain from the dropdown (e.g., yoursite.com)
Click Next.
Step 6: Add a Policy
This is where you decide who gets in.
Policy name: Allowed Users
Action: Allow
Under Configure rules → Include:
Selector: Emails
Add your allowed email addresses one by one
Click Next.
Step 7: Save the Application
On the last page, leave the defaults as they are and click Add application.
That's it. You're done.
Testing It
Open an incognito window and go to your subdomain URL (e.g., https://dashboard.yoursite.com).
You should see a Cloudflare login screen asking for your email. Enter one of the whitelisted emails, and Cloudflare will send you a one-time code to verify. Enter it, and you're in.
Quick Upgrade: Switch From Email OTP to Google Login
Email OTP works fine, but clicking through verification codes every time gets old fast.
Here's how to switch to Sign in with Google in about 60 seconds:
Go to the Authentication tab and look for Login methods
Toggle on Google — it's a one-click enable, no extra configuration required
Alternatively, to allow everyone from a specific domain (e.g., everyone at yourcompany.com), add the domain directly instead of individual emails
Now when you visit your dashboard, you'll see a clean Sign in with Google button. One click, and you're in. No email codes. No waiting.
This is honestly more convenient than OTP — and it looks more professional too.
The Bottom Line
What I love about this is how simple it actually is. Cloudflare is doing something genuinely powerful here — enterprise-grade authentication, the kind companies pay thousands of dollars for — and they're giving it away for free for up to 50 apps and users.
At this stage, you don't need to understand every technical detail of how it works. What you should know is the possibility. Now that AI agents like OpenClaw and Codex make it easy to build web apps, tools like Cloudflare Zero Trust make it equally easy to secure them.
If you ever get stuck configuring something, describe your exact error to Claude or ChatGPT — they're incredibly good at debugging Cloudflare Access setups.
Frequently Asked Questions (FAQs)
Is Cloudflare Zero Trust really free?
Yes. Cloudflare's free plan supports up to 50 users and 50 applications — which is more than enough for individual builders, solo developers, and small teams. You don't need a credit card to get started.
Do I need to be a developer to use Cloudflare Zero Trust?
No. The setup is entirely UI-based — you click through a dashboard, fill in a few fields, and you're done. There's no code to write and no server configuration needed. If you can fill out a form, you can set this up.
Does my app need to be hosted on Cloudflare?
No. Your app can be hosted anywhere — on a VPS, a cloud service, Vercel, Railway, or even a Raspberry Pi. The only requirement is that your domain's DNS is managed through Cloudflare (which is free and easy to set up).
What is Zero Trust security?
Zero Trust is a security model that assumes no user or device should be trusted by default — even if they're on your internal network. Every request must be verified before access is granted. Cloudflare Zero Trust applies this model to your web apps by requiring authentication before anyone can even reach your app's server.
Can I allow an entire Google Workspace domain instead of individual emails?
Yes. In the policy configuration step, instead of selecting "Emails," choose "Email domain" and enter your Google Workspace domain (e.g., yourcompany.com). Anyone with a verified Google account under that domain will be able to log in.
What authentication methods does Cloudflare Zero Trust support?
Cloudflare Zero Trust supports a wide range of identity providers including Google, Microsoft, GitHub, Okta, and more — as well as one-time email PIN (OTP). For most personal projects, Google login or email OTP is all you need.
Will this slow down my web app?
No. Cloudflare's network is one of the fastest in the world. The authentication layer adds a negligible delay (milliseconds) to the login process. Once you're authenticated, your app loads at full speed. In many cases, Cloudflare actually speeds up your app through its CDN and performance optimizations.
Can I use this to protect multiple apps or subdomains?
Yes. You can add up to 50 applications on the free plan — each on its own subdomain or path. For example, you could protect dashboard.yoursite.com, admin.yoursite.com, and staging.yoursite.com as separate applications, each with its own access policy.
What's the difference between Cloudflare Access and Cloudflare Zero Trust?
Cloudflare Access is a product within the Cloudflare Zero Trust suite. Zero Trust is the broader security framework and product bundle (which also includes Cloudflare Gateway for DNS filtering, WARP for device security, etc.). For protecting web apps, you're primarily using Cloudflare Access — but it's accessed through the Zero Trust dashboard at one.dash.cloudflare.com.
Have you tried Cloudflare Zero Trust? Or are you using something else to protect your apps? Let me know in the comments — I'm curious what workflow you've settled on.
And if you want more guides like this — practical tutorials on AI agents, automation, and tools that actually save you time — subscribe to the ShoutMeLoud newsletter. No fluff, just things worth knowing.
Learn more here: 
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.