
Zero Trust Guide

How to configure Cloudflare Access to protect the Location Launchpad.

Why Zero Trust?

Cloudflare Zero Trust Access is the preferred authentication method because:

  • No passwords stored in the app or database
  • Email OTP — approved users get a one-time code, no account creation needed
  • Granular control — add or remove approved emails instantly
  • Works with custom domains — protects launchpad.sonantech.com at the network level
  • Free for up to 50 seats

Setup Steps

  1. Go to one.dash.cloudflare.com
  2. Select your account → Zero Trust Free
  3. Go to Access Controls → Access → Applications → Add an application → Self-hosted
  4. Click Public DNS tab
  5. Click Continue with Self-hosted and private
  6. Set destination: Subdomain = blank, Domain = launchpad.sonantech.com, Path = blank (protects entire app)
  7. Under Access Policies, add policy name Internal Team, Action = Allow
  8. Add Include rules: Emails → add each approved email address
  9. Save application

Adding New Approved Users

  1. Go to Zero Trust → Access → Applications → click your app → Edit
  2. Click the Internal Team policy
  3. Add the new email under Include → Emails
  4. Save

How Users Log In

  1. User visits launchpad.sonantech.com
  2. Cloudflare Access intercepts and shows a login page
  3. User enters their email → Cloudflare sends a 6-digit OTP
  4. User enters the code → access granted for the session duration (default 24 hours)

Fallback Password Auth

If Zero Trust is not configured, the app checks for an ADMIN_PASSWORD environment variable. If set, all API requests must include:

Authorization: Bearer <base64(ADMIN_PASSWORD)>

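The login page at /login.html handles this automatically. Base64 is a reversible encoding, not encryption, so the header value is equivalent to the password itself. If neither Zero Trust nor ADMIN_PASSWORD is configured, the app runs open (not recommended for production).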

Always use Zero Trust for production. The fallback password method stores a hashed token in localStorage and is not suitable for shared or public computers.
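
The fallback check described above, sketched as an added example (not the Location Launchpad's own code): a server-side verifier for the `Authorization: Bearer <base64(ADMIN_PASSWORD)>` header that compares tokens in constant time. The function names, the lower-cased `headers` object and the `env` parameter are assumptions.

```javascript
// Added example: hypothetical server-side check for the fallback scheme.
const { createHash, timingSafeEqual } = require("node:crypto");

// Token format from the docs: base64(ADMIN_PASSWORD).
function expectedToken(adminPassword) {
  return Buffer.from(adminPassword, "utf8").toString("base64");
}

// Compare SHA-256 digests: timingSafeEqual needs equal-length inputs,
// and hashing first avoids an early exit on a length mismatch.
function safeEqual(a, b) {
  const ha = createHash("sha256").update(a, "utf8").digest();
  const hb = createHash("sha256").update(b, "utf8").digest();
  return timingSafeEqual(ha, hb);
}

// headers: plain object with lower-cased names (assumption).
// env: object holding ADMIN_PASSWORD, e.g. process.env (assumption).
function checkFallbackAuth(headers, env) {
  const password = env.ADMIN_PASSWORD;
  if (!password) {
    // Documented behaviour: with no password configured the app runs open.
    return { ok: true, mode: "open" };
  }
  const header = headers["authorization"];
  if (typeof header !== "string") {
    return { ok: false, mode: "password", reason: "missing Authorization header" };
  }
  // Accept only a well-formed base64 bearer token; reject other schemes.
  const match = /^Bearer ([A-Za-z0-9+/]+={0,2})$/i.exec(header);
  if (!match) {
    return { ok: false, mode: "password", reason: "malformed bearer token" };
  }
  if (!safeEqual(match[1], expectedToken(password))) {
    return { ok: false, mode: "password", reason: "token mismatch" };
  }
  return { ok: true, mode: "password" };
}

// Constructed sample values, not real credentials.
const sampleEnv = { ADMIN_PASSWORD: "correct horse battery staple" };
const goodHeader = "Bearer " + expectedToken(sampleEnv.ADMIN_PASSWORD);
console.log(checkFallbackAuth({ authorization: goodHeader }, sampleEnv));
console.log(checkFallbackAuth({ authorization: "Bearer d3Jvbmc=" }, sampleEnv));
console.log(checkFallbackAuth({}, {}));
```

The `mode: "open"` result lets the caller log or alert when the app is running without any authentication.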