2021 04 27 tutorial (#1225)

* add tutorial, clean up template

* tutorial

products/cloudflare-one/src/content/policies/filtering/lists.md

@@ -1,54 +0,0 @@
----
-order: 10
----
-
-# Lists
-
-<Aside>
-Your lists can include up to 5,000 entries for Enterprise subscriptions and 1,000 for Standard subscriptions. A CSV file containing a list of URLs or hostnames must be smaller than 2 MB. 
-</Aside>
-
-With Teams, you can create lists of URLs or hostnames to reference when creating [Secure Web Gateway policies](/policies/filtering). This allows you to quickly create rules that match and take actions against several items at once. 
-
-You can create a list by:
-* [Uploading a list of entries](#creating-a-list-from-a-csv-file)
-* [Manually creating a list of entries](#creating-a-manual-list) 
-
-
-## Creating a list from a CSV file
-
-If you'd like to test how this feature works, here is a [sample CSV file](../../static/documentation/list-test.csv). You can upload it to the Teams dashboard following the instructions below:
-
-1. On the [Teams dashboard](https://dash.teams.cloudflare.com), navigate to **Gateway > Lists**.
-1. Click **Upload CSV**.
-
-  ![Upload CSV](../../static/documentation/policies/upload-csv.png)
-
-1. Next, specify a **List name**, enter an optional description, and choose URLs as the **List type**.
-1. Drag and drop a file into the CSV File window, or click **Select a file**.
-1. Click **Create**. 
-
-Your list will now appear in the Lists page.
-
-## Creating a manual list
-
-1. On the Teams dashboard, navigate to **Gateway > Lists**.
-1. Click **Create manual list**.
-
-  ![Manual list](../../static/documentation/policies/upload-csv.png)
-
-1. Next, specify a **List name**, enter an optional description, and choose URLs as the **List type**.
-1. Enter your elements manually in the *Add entries* field.
-1. Click **Save**.
-
-## Editing a list
-
-1. In the Lists page, locate the list you want to edit.
-
-1. Click **Edit**. This will allow you to:
-    * Edit your list details (name and description) by clicking on the three-dots menu to the right of your list's name.
-    * Delete the list by clicking on the three-dots menu to the right of your list's name.
-    * Delete individual entries.
-    * Manually add entries to your list.
-
-1. Once you’ve edited your list, click **Save**.

products/cloudflare-one/src/content/tutorials/block-football-users.md

@@ -14,7 +14,9 @@ You can use Cloudflare Gateway and the Cloudflare WARP client application to blo
 * Create a Gateway policy to block URLs that contain a hostname for certain users
 * Review the block events in the Gateway logs
 
-**⏲️Time to complete: 25 minutes**
+**⏲️Time to complete:**
+
+25 minutes
 
 ## Add Cloudflare Gateway
 

products/cloudflare-one/src/content/tutorials/block-football.md

@@ -15,7 +15,9 @@ You can use Cloudflare Gateway and the Cloudflare WARP client application to blo
 * Create a Gateway policy to block URLs that contain a URL path
 * Review the block events in the Gateway logs
 
-**⏲️Time to complete: 25 minutes**
+**⏲️Time to complete:**
+
+25 minutes
 
 ## Add Cloudflare Gateway
 

products/cloudflare-one/src/content/tutorials/block-tld.md

@@ -12,7 +12,9 @@ You can use Cloudflare Gateway to block DNS queries a entire top level domain (T
 
 * Build a policy in Gateway to block entire TLDs
 
-**⏲️Time to complete: 5 minutes**
+**⏲️Time to complete:**
+
+5 minutes
 
 ## Configure Cloudflare Gateway
 

products/cloudflare-one/src/content/tutorials/block-uploads.md

@@ -14,10 +14,12 @@ You can use Cloudflare Gateway and the Cloudflare WARP client application to pre
 * Enroll devices into a Cloudflare for Teams account where this rule will be enforced
 * Log file type upload attempts
 
-**⏲️ Time to complete: 10 minutes**
+**⏲️ Time to complete:**
+
+10 minutes
+
+## Before you start
 
-| Before you start |
-|---|---|
 1. [Connect devices](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp) to Cloudflare's edge with the WARP client and [install the root certificate](/connections/connect-devices/warp/install-cloudflare-cert)
 1. [ Enable web inspection](/connections/connect-devices/warp/control-proxy)
 

products/cloudflare-one/src/content/tutorials/cli.md

@@ -13,7 +13,9 @@ These instructions are not meant for configuring a service to run against an API
 
 * Connect to resources secured by Cloudflare Access from a CLI
 
-**⏲️ Time to complete: 30 minutes**
+**⏲️ Time to complete:**
+
+30 minutes
 
 ---
 

products/cloudflare-one/src/content/tutorials/corp-device-tag.md

@@ -15,7 +15,9 @@ You can use Cloudflare Access to require team members to connect to self-hosted
 * Deploy Cloudflare WARP, the Cloudflare for Teams agent, to collect device information
 * Build a Zero Trust rule that requires users to connect from devices in your inventory
 
-**⏲️Time to complete: 30 minutes**
+**⏲️Time to complete:**
+
+30 minutes
 
 ## Create or upload a list of devices
 

products/cloudflare-one/src/content/tutorials/country-rules.md

@@ -15,7 +15,9 @@ Before you build the rule, you'll need to follow [these instructions](/setup) to
 * Create a list of approved countries where a team operates
 * Require that users connecting to self-hosted or SaaS applications connect from those countries
 
-**⏲️ Time to complete: ~5 minutes**
+**⏲️ Time to complete:**
+
+5 minutes
 
 ## Create an approved country list
 

products/cloudflare-one/src/content/tutorials/credentials-only.md

@@ -14,7 +14,9 @@ You can use [Argo Tunnel](/connections/connect-apps) to connect applications and
 * Keep that connection running after deleting the initial authentication file
 * Give that application a hostname where users can reach the resource
 
-**⏲️ Time to complete: ~20 minutes**
+**⏲️ Time to complete:**
+
+20 minutes
 
 ## Install `cloudflared`
 

products/cloudflare-one/src/content/tutorials/default-groups.md

@@ -15,7 +15,9 @@ Before you build the rule, you'll need to follow [these instructions](/setup) to
 * Use that rule when adding an application to Cloudflare Access
 * Combine that default rule with other rules for additional customization
 
-**⏲️ Time to complete: 10 minutes**
+**⏲️ Time to complete:**
+
+10 minutes
 
 ## Create a default group
 

products/cloudflare-one/src/content/tutorials/do-not-decrypt.md

@@ -15,11 +15,13 @@ Cloudflare for Teams has compiled a list of resources that rely on this mechanis
 * Build a `Do not inspect` policy using Cloudflare's list of certificate pinned resources
 * Configure that policies precedence in your Gateway configuration
 
-**⏲️ Time to complete: 5 minutes**
+**⏲️ Time to complete:**
 
-**Before you start:**
+5 minutes
 
-1. [Connect devices](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp) to Cloudflare's edge with the WARP client and [install the root certificate](/connections/connect-devices/warp/install-cloudflare-cert)
+## Before you start
+
+1. [Connect devices](/connections/connect-devices/warp) to Cloudflare's edge with the WARP client and [install the root certificate](/connections/connect-devices/warp/install-cloudflare-cert)
 1. [ Enable web inspection](/connections/connect-devices/warp/control-proxy)
 
 ## Build the policy

products/cloudflare-one/src/content/tutorials/gateway-list.md

@@ -24,7 +24,9 @@ You can then use these lists in Gateway policies to block, allow, isolate or exc
 * Manage the list in the Teams dashboard
 * Use the list in a Gateway policy
 
-**⏲️ Time to complete: 10 minutes**
+**⏲️ Time to complete:**
+
+10 minutes
 
 ## Upload a CSV
 

products/cloudflare-one/src/content/tutorials/gitlab.md

@@ -14,7 +14,9 @@ You can use Cloudflare Access to add Zero Trust rules to a self-hosted instance
 * Build policies with Cloudflare Access to control who can reach GitLab
 * Connect over HTTP and SSH through Cloudflare
 
-**⏲️ Time to complete: 1 hour**
+**⏲️ Time to complete:**
+
+1 hour
 
 ---
 

products/cloudflare-one/src/content/tutorials/gw-rollout-guide.md

@@ -27,7 +27,9 @@ This guide walks through an end-to-end Gateway deployment that includes both mod
 1. Deploy HTTP filtering rules for roaming users in a phased rollout
 1. Enable HTTP filtering globally
 
-**⏲️ Time to complete: 45 minutes**
+**⏲️ Time to complete:**
+
+45 minutes
 
 ## Choose a Cloudflare for Teams plan
 

products/cloudflare-one/src/content/tutorials/identity-dns.md

@@ -0,0 +1,55 @@
+---
+updated: 2021-04-15
+category: 🛡️ Web Gateway
+---
+
+# Filter DNS based on users and groups
+
+Cloudflare's DNS filtering solution can apply filters based on who is making the query. With those options, your team can apply different DNS filtering policies to different parts of your organization based on specific user identity or groups from your identity provider's directory.
+
+To apply these types of rules, you will need to deploy Cloudflare's agent on the devices in your organization. Cloudflare's agent will prompt users to login and will use the identity from that authentication to send DNS-over-HTTPS (DoH) queries that include the user identity. These types of policies can also run in-line with Cloudflare Gateway's HTTP filtering rules.
+
+**🗺️ This walkthrough covers how to:**
+
+* Build a DNS filtering rule that applies to a group of users
+* Use DNS filtering rule precedence to allow some users to reach a destination
+
+**⏲️ Time to complete: 10 minutes**
+
+## Before you start
+
+1. [Add Gateway to your account](/setup)
+1. [Integrate your identity provider](/identity/idp-integration)
+1. [Enroll users in the Cloudflare for Teams agent](/connections/connect-devices/warp)
+
+---
+
+## Allow a team to reach social media
+
+Navigate to the Gateway section of the Cloudflare for Teams dashboard and open the `Policies` page. Select the `DNS` tab; if you see two `DNS` tabs, select the one marked `NEW`. Click **Create a DNS policy** to get started.
+
+![Start Process](../static/secure-web-gateway/id-dns/start-policy.png)
+
+This first rule will allow users of your marketing team to reach social media. Select **DNS Content Categories** and choose **Social Media** from the options.
+
+![Add Rule](../static/secure-web-gateway/id-dns/add-second-rule.png)
+
+Next, click **And** to add a second rule. In this rule, select **User Group Names**. You can also select individual user emails or group IDs, as well as locations. Input the name of the group in your identity provider that should be allowed to reach social media.
+
+In the **Action** section, select **Allow** and save the rule at the top of the page.
+
+![Allow Action](../static/secure-web-gateway/id-dns/allow-action.png)
+
+## Block social media for all other users
+
+You can now build a rule that will block social media for the rest of your organization. Add a second rule and once again select **DNS Content Categories** and choose **Social Media** from the options.
+
+![Block Criteria](../static/secure-web-gateway/id-dns/add-first-rule.png)
+
+The rule does not need any additional criteria. This policy will apply to all locations and users in your organization, regardless of how DNS queries are sent.
+
+In the **Action** section, select **Block** and save the rule at the top of the page.
+
+![Block Action](../static/secure-web-gateway/id-dns/block-action.png)
+
+Once saved, ensure that the `Allow` rule has higher precedence than the `Block` rule. You can drag-and-drop rules as needed in the UI. Rules are evaluated from top to bottom, so when the `Allow` rule is ranked first, users in the marketing group will be allowed to reach social media. Users who do not meet that criteria will have the next rule applied and will be blocked.

products/cloudflare-one/src/content/tutorials/kubectl.md

@@ -17,7 +17,9 @@ You can connect to machines over `kubectl` using Cloudflare's Zero Trust platfor
 
 * [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
 
-**⏲️ Time to complete: 30 minutes**
+**⏲️ Time to complete:**
+
+30 minutes
 
 ---
 

products/cloudflare-one/src/content/tutorials/migrate-lb-tunnel.md

@@ -16,10 +16,14 @@ If you are using Legacy Argo Tunnel today you can migrate to Named Argo Tunnel d
 * Migrate a Legacy Argo Tunnel deployment to Named Argo Tunnel model
 * Use Cloudflare Load Balancer to perform a zero downtime migration
 
-**⏲️ Time to complete: 10 minutes**
+**⏲️ Time to complete:**
+
+10 minutes
 
 See additional documentation for working with [Kubernetes](/connections/connect-apps/routing-to-tunnel/kubernetes).
 
+---
+
 ## Creating a Legacy Argo Tunnel with Cloudflare Load Balancer
 
 This tutorial starts by documenting the steps to create a Legacy Argo Tunnel with Cloudflare Load Balancer so that those can be compared to the migration steps. If you would prefer to start the migration now, please [skip ahead](#create-a-named-tunnel).

products/cloudflare-one/src/content/tutorials/mongodb-tunnel.md

@@ -17,7 +17,11 @@ In this tutorial, a client running `cloudflared` connects over SSH to a MongoDB
 * Configure an Argo Tunnel connection to Cloudflare's edge
 * Create an SSH configuration file for the client
 
-**⏲️ Time to complete: 50 minutes**
+**⏲️ Time to complete:**
+
+50 minutes
+
+---
 
 ## Configure Cloudflare Access
 

products/cloudflare-one/src/content/tutorials/multi-origin.md

@@ -15,7 +15,11 @@ You can deploy a single instance of `cloudflared` to proxy traffic to a single s
 * Start a secure, outbound-only, connection from a machine to Cloudflare for multiple applications
 * Give those applications hostnames where users can connect
 
-**⏲️ Time to complete: 10 minutes**
+**⏲️ Time to complete:**
+
+10 minutes
+
+---
 
 ## Install `cloudflared`
 

products/cloudflare-one/src/content/tutorials/okta-u2f.md

@@ -19,7 +19,11 @@ Some second factor methods are more resistant to phishing. U2F options require y
 
 The first two sections of this tutorial link to guides to set up Cloudflare Access and integrate Okta. If you already use Cloudflare Access with Okta, you can skip ahead to the fourth section.
 
-**⏲️ Time to complete: 20 minutes**
+**⏲️ Time to complete:**
+
+20 minutes
+
+---
 
 ## Configure Cloudflare Access
 

products/cloudflare-one/src/content/tutorials/rdp.md

@@ -15,10 +15,9 @@ You can connect to machines over RDP using Cloudflare's Zero Trust platform.
 
 **⏲️ Time to complete: 30 minutes**
 
-| Before you start |
-|---|
-| 1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website) |
-| 2. [Change your domain nameservers to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/205195708) |
+## Before you start
+1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
+2. [Change your domain nameservers to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/205195708)
 
 ---
 

products/cloudflare-one/src/content/tutorials/require-swg.md

@@ -15,7 +15,11 @@ You can build rules in Cloudflare Access that require users to connect through y
 * View enrolled devices
 * Build a rule in Access to require Cloudflare Gateway
 
-**⏲️Time to complete: 40 minutes**
+**⏲️Time to complete:**
+
+40 minutes
+
+---
 
 ## Add Cloudflare Gateway
 

products/cloudflare-one/src/content/tutorials/review-gateway-block.md

@@ -14,11 +14,14 @@ You can use Cloudflare Gateway and the Cloudflare WARP client application to fil
 * Review the reason a domain was blocked in Cloudflare Radar
 * Submit categorization feedback
 
-**⏲️Time to complete: ~5 minutes**
+**⏲️Time to complete:**
 
-| Before you start |
-|---|
-| 1. [Add Gateway to your account](/setup) |
+5 minutes
+
+## Before you start
+1. [Add Gateway to your account](/setup)
+
+---
 
 ## Review Gateway events
 

products/cloudflare-one/src/content/tutorials/salesforce-saas.md

@@ -10,11 +10,14 @@ difficulty: Intermediate
 * Configure Salesforce as a SaaS application in Teams
 * Force logins to Salesforce through Cloudflare's Zero Trust rules
 
-**⏲️ Time to complete: 15 minutes**
+**⏲️ Time to complete:**
 
-| Before you start |
-|---|
-| 1. You'll need admin access to a Salesforce account |
+15 minutes
+
+## Before you start
+1. You'll need admin access to a Salesforce account
+
+---
 
 ## Set up Salesforce as a SaaS application in Teams
 

products/cloudflare-one/src/content/tutorials/secure-dns-devices.md

@@ -13,11 +13,11 @@ You can use Cloudflare Gateway and the Cloudflare WARP client application to fil
 * Create a DNS filtering policy that secures devices by blocking malicious hostnames
 * Apply that policy to devices on any network
 
-**⏲️ Time to complete: ~45 minutes**
+**⏲️ Time to complete:**
 
-| Before you start |
-|---|
-| 1. [Add Gateway to your account](/setup) |
+45 minutes
+
+1. [Add Gateway to your account](/setup)
 
 ## Create a default location
 

products/cloudflare-one/src/content/tutorials/secure-dns-network.md

@@ -13,7 +13,11 @@ You can use Cloudflare Gateway to filter and log DNS queries from any device usi
 * Create a DNS filtering policy that secures a home or office network by blocking malicious hostnames
 * Review logs and events that occur on that network
 
-**⏲️ Time to complete: ~15 minutes**
+**⏲️ Time to complete:**
+
+15 minutes
+
+---
 
 ## Configure Cloudflare Gateway
 

products/cloudflare-one/src/content/tutorials/share-new-site.md

@@ -20,11 +20,12 @@ You can use Argo Tunnel to quickly share projects you are working on with team m
 
 **⏲️ Time to complete: ~30 minutes**
 
-| Before you start |
-|---|
-| 1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website) |
-| 2. [Change your domain nameservers to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/205195708) |
-| 3. [Enable Argo Smart Routing for your account](https://support.cloudflare.com/hc/articles/115000224552-Configuring-Argo-through-the-UI)  |
+## Before you start
+1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
+2. [Change your domain nameservers to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/205195708)
+3. [Enable Argo Smart Routing for your account](https://support.cloudflare.com/hc/articles/115000224552-Configuring-Argo-through-the-UI)
+
+---
 
 ## Install `cloudflared`
 

products/cloudflare-one/src/content/tutorials/single-command.md

@@ -24,7 +24,11 @@ If you are migrating from "classic" Argo Tunnel deployments to the new, persiste
 * Give the application a hostname where users can connect
 * Complete the entire process with a single command using `cloudflared`
 
-**⏲️ Time to complete: 10 minutes**
+**⏲️ Time to complete:**
+
+10 minutes
+
+---
 
 ## Install `cloudflared`
 

products/cloudflare-one/src/content/tutorials/smb.md

@@ -13,10 +13,12 @@ You can set up this connection by downloading and installing the Cloudflare daem
 1. [How to connect the machine hosting the file share to Cloudflare](#host-machine)
 2. [How to connect from a client machine](#client-machine)
 
-**Before you start** 
-* Create a Cloudflare account
-* [Add an active zone to Cloudflare](https://support.cloudflare.com/hc/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
-* [Install the `cloudflared` daemon](/connections/connect-apps/install-and-setup/installation) on the host and client machines
+## Before you start
+1. Create a Cloudflare account
+1. [Add an active zone to Cloudflare](https://support.cloudflare.com/hc/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
+1. [Install the `cloudflared` daemon](/connections/connect-apps/install-and-setup/installation) on the host and client machines
+
+---
 
 ## Connect the machine hosting the file share to Cloudflare
 

products/cloudflare-one/src/content/tutorials/split-tunnel.md

@@ -12,7 +12,11 @@ You can configure Cloudflare for Teams to exclude domains and IP addresses from
 * Manage the default lists of excluded domains and IP addresses
 * Add a domain or IP address to the exclusion list
 
-**⏲️ Time to complete: 10 minutes**
+**⏲️ Time to complete:**
+
+10 minutes
+
+---
 
 ## Configure domains to resolve locally
 

products/cloudflare-one/src/content/tutorials/ssh-browser.md

@@ -1,5 +1,5 @@
 ---
-updated: 2021-04-15
+updated: 2021-04-27
 category: 🔐 Zero Trust
 ---
 
@@ -13,12 +13,14 @@ Administrators can deploy Cloudflare Tunnel to connect one or more machines avai
 
 * Render a terminal in your browser for SSH connections
 
-**⏲️ Time to complete: 30 minutes**
+**⏲️ Time to complete:**
 
-**Before you start**
+30 minutes
 
-* [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
-* [Connect your machine to Cloudflare](/tutorials/ssh) and apply Zero Trust rules
+## Before you start
+
+1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
+1. [Connect your machine to Cloudflare](/tutorials/ssh) and apply Zero Trust rules
 
 ---
 

products/cloudflare-one/src/content/tutorials/ssh-cert-bastion.md

@@ -24,12 +24,15 @@ Replacing long-lived API keys with short-lived certificates offers the following
 * Build Zero Trust rules to protect that resource
 * Replace long-lived SSH keys with short-lived certificates to authenticate users to the host
 
-**⏲️ Time to complete: 45 minutes**
+**⏲️ Time to complete:**
 
-| Before you start |
-|---|
-| 1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website) |
-| 2. [Change your domain nameservers to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/205195708) |
+45 minutes
+
+## Before you start
+1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
+2. [Change your domain nameservers to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/205195708)
+
+---
 
 ## Build a Zero Trust policy
 

products/cloudflare-one/src/content/tutorials/ssh-service-token.md

@@ -15,7 +15,9 @@ This walkthrough extends a [previous guide](/tutorials/gitlab) that describes co
 * Add a rule to an existing Access policy to allow `cloudflared` to reach the resource using the service token
 * Configure the `cloudflared` command to connect to the protected resource
 
-**⏲️ Time to complete: 1 hour**
+**⏲️ Time to complete:**
+
+1 hour
 
 ---
 

products/cloudflare-one/src/content/tutorials/ssh.md

@@ -13,11 +13,13 @@ You can connect to machines over SSH using Cloudflare's Zero Trust platform.
 * Connect a machine to Cloudflare's network using an SSH connection
 * Connect from a client machine
 
-**⏲️ Time to complete: 30 minutes**
+**⏲️ Time to complete:**
 
-**Before you start**
+30 minutes
 
-* [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
+## Before you start
+
+1. [Add a website to Cloudflare](https://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website)
 
 ---
 

products/cloudflare-one/src/content/tutorials/user-diagnostics.md

@@ -14,7 +14,11 @@ Cloudflare Access provides a user-facing portal, the [Access App Launcher](https
 * Visit the Access App Launcher as an end user
 * Review login diagnostics as an end user
 
-**⏲️Time to complete: 10 minutes**
+**⏲️Time to complete:**
+
+10 minutes
+
+---
 
 ## Configure Cloudflare Access App Launcher
 

products/cloudflare-one/src/content/tutorials/warp-to-tunnel.md

@@ -26,7 +26,9 @@ Once enrolled, user endpoints will be able to connect to private [RFC 1918](http
 
 </Aside>
 
-**⏲️ Time to complete: 45 minutes**
+**⏲️ Time to complete:**
+
+45 minutes
 
 ## Install `cloudflared`
 

products/cloudflare-one/src/content/tutorials/zsh-env-var.md

@@ -19,7 +19,11 @@ You can also use `cloudflared` to quickly gather the JWT from an application and
 * Login to an application secured by Cloudflare Access from the command line using `cloudflared`
 * Use Z Shell or Bash to create a time-saving command to store the JWT as an environment variable
 
-**⏲️Time to complete: 5 minutes**
+**⏲️Time to complete:**
+
+5 minutes
+
+---
 
 ## Install `cloudflared`