Product · Routing

Access that just works.

Every URL starts private. Flip one flag to make it public. No ngrok tokens, no copy-pasting auth headers, no custom gateway. Private URLs are gated at Cloudflare edge with WorkOS SSO; your team signs in with whatever IdP you already use.

Two states, one flag

# private by default: only your identity provider can access
$ remoco expose main.api.wiley

# public: anyone with the URL sees it
$ remoco expose main.api.wiley --access=public

# revoke both
$ remoco hide main.api.wiley

How private works

A Cloudflare Access application is provisioned per private URL. Policy: authenticate via your WorkOS directory. Supported IdPs:

Google Workspace
Okta
Azure AD
Any SAML 2.0 IdP
OIDC (generic)

Access tokens live at Cloudflare edge, not in the workstation. Log out from the Access portal revokes immediately, org-wide.

How public works

The Access application is torn down; cloudflared forwards directly to portless. You still see the request on the workstation debugger overlay — so you can spot unwanted traffic without adding logging.

Immutable deploys

Public URLs for mutable dev servers are a mistake waiting to happen. The moment you flip --access=public, Remoco snapshots the workspace state and routes public traffic to the snapshot, not your live vite dev. Your hot-reload keeps working privately; the shared URL is frozen.

$ remoco expose main.web.wiley --access=public
# snapshot v42 · frozen · now public at https://main.web.wiley.remoco.dev
# your local dev keeps flowing at the private preview URL

Audit log. Every access grant, revoke, and SSO event streams into the admin plane. Private URL accesses are auditable by identity, not just IP.

← Named URLs Parallel worktrees →