Using your devices as the key to your apps

Sam Rhea is working on a project to build a simple web app for tracking one-off expenses and submitting them into a budget workbook. To protect his prototype, he plans to use Cloudflare Access with mutual TLS (mTLS) authentication, allowing only requests from his iPhone to connect. He will create a Root CA using Cloudflare's open source toolkit cfssl and generate a client certificate for his device. The client certificates will be placed on the iPhone, ensuring that it is the only device capable of reaching this app. This project demonstrates how organizations can scale up authentication processes to securely deploy devices like IoT sensors or corporate laptops.