From 0eb82088f1d6e5b4c7f1024367945052399ae337 Mon Sep 17 00:00:00 2001
From: Ranbel Sun <ranbel@cloudflare.com>
Date: Mon, 10 Mar 2025 13:14:34 -0400
Subject: [PATCH 1/2] new Access policy flow

---
 .../cloudflare-one/warp/service-token-enrollment.mdx        | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx b/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx
index ddf81e385cba90a..ef1b82f5374b3fe 100644
--- a/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx
+++ b/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx
@@ -11,13 +11,15 @@ import { Tabs, TabItem } from '~/components';
 
 2. Copy the token's **Client ID** and **Client Secret**.
 
-3. In your [device enrollment permissions](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/#set-device-enrollment-permissions), create the following policy:
+3. Go to **Access** > **Policies** and create the following policy:
 
    | Rule Action  | Rule type | Selector      | Value          |
    | ------------ | --------- | ------------- | -------------- |
    | Service Auth | Include   | Service Token | `<TOKEN-NAME>` |
 
-4. In your MDM [deployment parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/), add the following fields:
+		 Make sure **Action** is set to _Service Auth_ and not _Allow_.
+4. Add the Access policy to your [device enrollment permissions](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/#set-device-enrollment-permissions).
+5. In your MDM [deployment parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/), add the following fields:
    * `auth_client_id`: The **Client ID** of your service token.
    * `auth_client_secret`: The **Client Secret** of your service token.
 

From 96b6bd4e7d020efa97cace103d21a6e0798dcfc1 Mon Sep 17 00:00:00 2001
From: Ranbel Sun <ranbel@cloudflare.com>
Date: Mon, 10 Mar 2025 13:20:05 -0400
Subject: [PATCH 2/2] minor wording tweak

---
 .../partials/cloudflare-one/warp/service-token-enrollment.mdx   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx b/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx
index ef1b82f5374b3fe..9bf9312cfe3e2ab 100644
--- a/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx
+++ b/src/content/partials/cloudflare-one/warp/service-token-enrollment.mdx
@@ -17,7 +17,7 @@ import { Tabs, TabItem } from '~/components';
    | ------------ | --------- | ------------- | -------------- |
    | Service Auth | Include   | Service Token | `<TOKEN-NAME>` |
 
-		 Make sure **Action** is set to _Service Auth_ and not _Allow_.
+		 Make sure to set **Action** to _Service Auth_ instead of _Allow_.
 4. Add the Access policy to your [device enrollment permissions](/cloudflare-one/connections/connect-devices/warp/deployment/device-enrollment/#set-device-enrollment-permissions).
 5. In your MDM [deployment parameters](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/parameters/), add the following fields:
    * `auth_client_id`: The **Client ID** of your service token.