diff --git a/README.md b/README.md
index cde719b..9df443a 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,15 @@ with:
   auth_client_secret: ${{ secrets.CLOUDFLARE_AUTH_CLIENT_SECRET }}
 ```
 
+## Cloudflare Permissions
+> [!TIP]
+> Failure to set the proper permission will result in a `Status update: Unable to connect. Reason: Registration Missing` error.
+
+Under `Zero Trust > Settings > WARP Client > Device enrollment permissions` a policies rule must have `SERVICE AUTH` set as the rule action.
+![Cloudflare Device Enrollment Policy](./docs/resources/cloudflare_device_enrollment.png)
+
+To add the GitHub action to a WARP Client Profile, you must specify the expression of the policy to `User Email`, `is`, `non_identity@<INSERT YOUR ORG>.cloudflareaccess.com`.
+
 ## Inputs
 - `version` - (optional) The version of Cloudflare WARP to install. Defaults to the latest version.
 - `organization` - (required) The name of your Cloudflare Zero Trust organization.
diff --git a/docs/resources/cloudflare_device_enrollment.png b/docs/resources/cloudflare_device_enrollment.png
new file mode 100644
index 0000000..407dd72
Binary files /dev/null and b/docs/resources/cloudflare_device_enrollment.png differ