diff --git a/.changelog/3103.txt b/.changelog/3103.txt
new file mode 100644
index 00000000000..e47e759177c
--- /dev/null
+++ b/.changelog/3103.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/cloudflare_access_application: adds the ability to set allow_authenticate_via_warp.
+```
+
+```release-note:enhancement
+resource/cloudflare_access_organization: adds the ability to set allow_authenticate_via_warp and warp_auth_session_duration.
+```
\ No newline at end of file
diff --git a/internal/sdkv2provider/resource_cloudflare_access_application.go b/internal/sdkv2provider/resource_cloudflare_access_application.go
index c8ac4dc227a..6564cf08a42 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_application.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_application.go
@@ -53,6 +53,7 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re
 		SkipInterstitial:         cloudflare.BoolPtr(d.Get("skip_interstitial").(bool)),
 		AppLauncherVisible:       cloudflare.BoolPtr(d.Get("app_launcher_visible").(bool)),
 		ServiceAuth401Redirect:   cloudflare.BoolPtr(d.Get("service_auth_401_redirect").(bool)),
+		AllowAuthenticateViaWarp: cloudflare.BoolPtr(d.Get("allow_authenticate_via_warp").(bool)),
 	}
 
 	if value, ok := d.GetOk("allowed_idps"); ok {
@@ -159,6 +160,7 @@ func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.Reso
 	d.Set("bg_color", accessApplication.AccessAppLauncherCustomization.BackgroundColor)
 	d.Set("header_bg_color", accessApplication.AccessAppLauncherCustomization.HeaderBackgroundColor)
 	d.Set("app_launcher_logo_url", accessApplication.AccessAppLauncherCustomization.LogoURL)
+	d.Set("allow_authenticate_via_warp", accessApplication.AllowAuthenticateViaWarp)
 
 	if _, ok := d.GetOk("footer_links"); ok {
 		footerLinks := convertFooterLinksStructToSchema(d, accessApplication.AccessAppLauncherCustomization.FooterLinks)
@@ -213,6 +215,7 @@ func resourceCloudflareAccessApplicationUpdate(ctx context.Context, d *schema.Re
 		SkipInterstitial:         cloudflare.BoolPtr(d.Get("skip_interstitial").(bool)),
 		AppLauncherVisible:       cloudflare.BoolPtr(d.Get("app_launcher_visible").(bool)),
 		ServiceAuth401Redirect:   cloudflare.BoolPtr(d.Get("service_auth_401_redirect").(bool)),
+		AllowAuthenticateViaWarp: cloudflare.BoolPtr(d.Get("allow_authenticate_via_warp").(bool)),
 	}
 
 	if appType != "saas" {
diff --git a/internal/sdkv2provider/resource_cloudflare_access_application_test.go b/internal/sdkv2provider/resource_cloudflare_access_application_test.go
index 7f113e1c985..5d915788998 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_application_test.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_application_test.go
@@ -97,6 +97,7 @@ func TestAccCloudflareAccessApplication_BasicZone(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "cors_headers.#", "0"),
 					resource.TestCheckResourceAttr(name, "saas_app.#", "0"),
 					resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
+					resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "true"),
 				),
 			},
 		},
@@ -126,6 +127,7 @@ func TestAccCloudflareAccessApplication_BasicAccount(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "cors_headers.#", "0"),
 					resource.TestCheckResourceAttr(name, "sass_app.#", "0"),
 					resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
+					resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "true"),
 				),
 			},
 		},
@@ -641,6 +643,7 @@ resource "cloudflare_access_application" "%[1]s" {
   type                      = "self_hosted"
   session_duration          = "24h"
   auto_redirect_to_identity = false
+	allow_authenticate_via_warp = true
 }
 `, rnd, domain, identifier.Type, identifier.Identifier)
 }
diff --git a/internal/sdkv2provider/resource_cloudflare_access_organization.go b/internal/sdkv2provider/resource_cloudflare_access_organization.go
index 6772265be14..f6d6f3edd21 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_organization.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_organization.go
@@ -61,6 +61,8 @@ func resourceCloudflareAccessOrganizationRead(ctx context.Context, d *schema.Res
 	d.Set("user_seat_expiration_inactive_time", organization.UserSeatExpirationInactiveTime)
 	d.Set("auto_redirect_to_identity", organization.AutoRedirectToIdentity)
 	d.Set("session_duration", organization.SessionDuration)
+	d.Set("warp_auth_session_duration", organization.WarpAuthSessionDuration)
+	d.Set("allow_authenticate_via_warp", organization.AllowAuthenticateViaWarp)
 
 	loginDesign := convertLoginDesignStructToSchema(ctx, d, &organization.LoginDesign)
 	if loginDesignErr := d.Set("login_design", loginDesign); loginDesignErr != nil {
@@ -87,6 +89,8 @@ func resourceCloudflareAccessOrganizationUpdate(ctx context.Context, d *schema.R
 		UserSeatExpirationInactiveTime: d.Get("user_seat_expiration_inactive_time").(string),
 		AutoRedirectToIdentity:         cloudflare.BoolPtr(d.Get("auto_redirect_to_identity").(bool)),
 		SessionDuration:                cloudflare.StringPtr(d.Get("session_duration").(string)),
+		WarpAuthSessionDuration:        cloudflare.StringPtr(d.Get("warp_auth_session_duration").(string)),
+		AllowAuthenticateViaWarp:       cloudflare.BoolPtr(d.Get("allow_authenticate_via_warp").(bool)),
 	}
 	loginDesign := convertLoginDesignSchemaToStruct(d)
 	updatedAccessOrganization.LoginDesign = *loginDesign
diff --git a/internal/sdkv2provider/resource_cloudflare_access_organization_test.go b/internal/sdkv2provider/resource_cloudflare_access_organization_test.go
index 5141f2ff195..e474791736f 100644
--- a/internal/sdkv2provider/resource_cloudflare_access_organization_test.go
+++ b/internal/sdkv2provider/resource_cloudflare_access_organization_test.go
@@ -37,6 +37,8 @@ func TestAccCloudflareAccessOrganization(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "login_design.0.header_text", "My header text"),
 					resource.TestCheckResourceAttr(name, "login_design.0.footer_text", "My footer text"),
 					resource.TestCheckResourceAttr(name, "session_duration", "12h"),
+					resource.TestCheckResourceAttr(name, "warp_auth_session_duration", "36h"),
+					resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "false"),
 				),
 				ResourceName:     name,
 				ImportState:      true,
@@ -86,6 +88,8 @@ func testAccCloudflareAccessOrganizationConfigBasic(rnd, accountID string) strin
 			user_seat_expiration_inactive_time = "1460h"
 			auto_redirect_to_identity = false
 			session_duration = "12h"
+			warp_auth_session_duration = "36h"
+			allow_authenticate_via_warp = false
 
 			login_design {
 				background_color = "#FFFFFF"
diff --git a/internal/sdkv2provider/schema_cloudflare_access_application.go b/internal/sdkv2provider/schema_cloudflare_access_application.go
index 518619405f4..5934ab9c4af 100644
--- a/internal/sdkv2provider/schema_cloudflare_access_application.go
+++ b/internal/sdkv2provider/schema_cloudflare_access_application.go
@@ -2,9 +2,10 @@ package sdkv2provider
 
 import (
 	"fmt"
-	"github.com/cloudflare/cloudflare-go"
 	"time"
 
+	"github.com/cloudflare/cloudflare-go"
+
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -386,6 +387,11 @@ func resourceCloudflareAccessApplicationSchema() map[string]*schema.Schema {
 				},
 			},
 		},
+		"allow_authenticate_via_warp": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Description: "When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.",
+		},
 	}
 }
 
diff --git a/internal/sdkv2provider/schema_cloudflare_access_organization.go b/internal/sdkv2provider/schema_cloudflare_access_organization.go
index e381c3bd464..23a004892e2 100644
--- a/internal/sdkv2provider/schema_cloudflare_access_organization.go
+++ b/internal/sdkv2provider/schema_cloudflare_access_organization.go
@@ -121,6 +121,16 @@ func resourceCloudflareAccessOrganizationSchema() map[string]*schema.Schema {
 				},
 			},
 		},
+		"allow_authenticate_via_warp": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Description: "When set to true, users can authenticate via WARP for any application in your organization. Application settings will take precedence over this value.",
+		},
+		"warp_auth_session_duration": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "The amount of time that tokens issued for applications will be valid. Must be in the format 30m or 2h45m. Valid time units are: m, h.",
+		},
 	}
 }