new self-hosted flow

Author: ranbel

src/content/docs/cloudflare-one/applications/configure-apps/self-hosted-public-app.mdx

@@ -19,14 +19,6 @@ You can securely publish internal tools and applications by adding Cloudflare Ac
 
 <Render file="access/self-hosted-app" />
 
-## 2. Add an Access policy
-
-<Render file="access/self-hosted-policy" />
-
-## 3. (Optional) Configure advanced settings
-
-<Render file="access/self-hosted-settings" />
-
 ## 4. Connect your origin to Cloudflare
 
 Next, set up a [Cloudflare Tunnel](/cloudflare-one/connections/connect-networks/) to make your internal application available over the Internet.

src/content/docs/cloudflare-one/policies/access/policy-management.mdx

@@ -24,6 +24,22 @@ To create an Access policy for an existing application:
 
 Your new policy is now in effect.
 
+
+You can now configure an [Access policy](/cloudflare-one/policies/access/) to control who can connect to your application.
+
+1. Enter any name for your policy.
+
+2. Specify a policy [action](/cloudflare-one/policies/access/#actions).
+
+3. Assign [Access groups](/cloudflare-one/identity/users/groups/) to reuse existing rules, or create new rules. You can add as many include, exception, or require statements as needed.
+
+13. (Optional) Customize the login experience for users who match this policy:
+
+   * [Purpose justification](/cloudflare-one/policies/access/require-purpose-justification/)
+   * [Temporary authentication](/cloudflare-one/policies/access/temporary-auth/)
+
+
+
 ## Edit a policy
 
 To make changes to an existing policy:

src/content/docs/learning-paths/zero-trust-web-access/access-application/create-access-app.mdx

@@ -16,12 +16,4 @@ Each application can have multiple policies with different constraints depending
 
 <Render file="access/self-hosted-app" product="cloudflare-one" />
 
-## Add an Access policy
-
-<Render file="access/self-hosted-policy" product="cloudflare-one" />
-
-## (Optional) Configure advanced settings
-
-<Render file="access/self-hosted-settings" product="cloudflare-one" />
-
 When users go to the application, they will be prompted to login with your identity provider.

src/content/partials/cloudflare-one/access/access-block-page.mdx

@@ -3,7 +3,7 @@
 
 ---
 
-Under **Block pages**, choose what end users will see when they are denied access to the application:
+Under **Block page**, choose what end users will see when they are denied access to the application:
 
 * **Cloudflare default**: Reload the [login page](/cloudflare-one/applications/login-page/) and display a block message below the Cloudflare Access logo. The default message is `That account does not have access`, or you can enter a custom message.
 * **Redirect URL**: Redirect to the specified website.

src/content/partials/cloudflare-one/access/self-hosted-app.mdx

@@ -17,15 +17,32 @@ import { Render } from "~/components"
 
    Cloudflare checks every HTTP request to your application for a valid application token. If the user's application token (and global token) has expired, they will be prompted to reauthenticate with the IdP. For more information, refer to [Session management](/cloudflare-one/identity/users/session-management/).
 
-6. In **Application domain**, enter the domains that will represent the application.
+6. Select **Add public hostname**.
 
-   * Domains must belong to an active zone in your Cloudflare account. You can either select a domain from the dropdown or enter a [custom domain](/cloudflare-for-platforms/cloudflare-for-saas/security/secure-with-access/) that you control.
-   * You can use [wildcards](/cloudflare-one/policies/access/app-paths/) to protect multiple parts of an application that share a root path.
+7. In the **Domain** dropdown, select the domain that will represent the application. Domains must belong to an active zone in your Cloudflare account. You can use [wildcards](/cloudflare-one/policies/access/app-paths/) to protect multiple parts of an application that share a root path.
 
-7. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
+		Alternatively, to use a [Cloudflare for SaaS custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/security/secure-with-access/), set **Input method** to _Custom_ and enter the custom hostname.
 
-8. <Render file="access/access-block-page" product="cloudflare-one" />
+8. Add [Access policies](/cloudflare-one/policies/access/) to control who can connect to your application. To create a new policy, refer to
 
 9. <Render file="access/access-choose-idps" product="cloudflare-one" />
 
 10. Select **Next**.
+
+11. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
+
+12. <Render file="access/access-block-page" product="cloudflare-one" />
+
+13. Select **Next**.
+
+14. (Optional) Configure advanced settings for your application:
+
+		- [**Cross-Origin Resource Sharing (CORS) settings**](/cloudflare-one/identity/authorization-cookie/cors/)
+		- [**Cookie settings**](/cloudflare-one/identity/authorization-cookie/#cookie-settings)
+		- **Browser rendering settings**:
+				- [Automatic `cloudflared` authentication](/cloudflare-one/applications/non-http/cloudflared-authentication/automatic-cloudflared-authentication/)
+				- [Browser rendering for SSH and VNC](/cloudflare-one/applications/non-http/browser-rendering/)
+		- **401 Response for Service Auth policies**:
+
+15. Select **Save**.
+