Simplified Clientless Access Management

Cloudflare Access has introduced a new Allow clientless access setting that streamlines the process of enabling browser-based access to private self-hosted applications. This feature eliminates the need for the previous workaround of creating separate bookmark applications.

What Changed

Previously, organizations had to:

• Create a separate bookmark application
• Point it to a prefixed Clientless Web Isolation URL (e.g., https://<your-teamname>.cloudflareaccess.com/browser/https://10.0.0.1/)
• Accept that this bookmark would be visible to all App Launcher users, regardless of access permissions

New Workflow

With the update, administrators can now:

• Enable clientless access directly within their private self-hosted application settings
• Control visibility so only users who pass the Access application policies see the clientless access tile in their App Launcher
• Maintain security by requiring users to have remote browser permissions to open the link

This change reduces configuration complexity and improves the security posture by tying clientless access permissions directly to the underlying application's access policies.