Ask Your Technical Questions to a Tailscale Solutions EngineerJuly 8 Webinar
Get started
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Zero Trust Networking icon

Tailscale at Work

Bring Tailscale to Work

From Pi-holes to production clusters, Tailscale connects your critical infrastructure securely.


Get the magic of Tailscale at work

Secure resources
ACL tags
Secure resources

Simplify enterprise security management

End-to-end encryption

Seamless identity lifecycle management

Automate the provisioning of roles and groups with SCIM, and ensure access policies remain current regardless of personal change.

Manage access policies at DevOps speeds

Integrate access control policy management into existing IaC and GitOps workflows and automatically apply changes throughout your tailnet.
Visibility into your network

From K3s to K8s, our operator connects them

Kubernetes operator connects services (north-south, east-west) across heterogeneous environments, encrypting communications using WireGuard.
Visibility into your network

Secure SaaS & devices with Tailscale ZTNA

Protect third-party SaaS applications by restricting access to only authorized users using trusted devices with App Connector and Device Posture Management.
Visibility into your network

Gain visibility into your network activity

Stream configuration audit logs, network flow logs, and SSH sessions into your preferred SIEM and surface potentially anomalous activity faster.

Scale protection from small, human-sized tailnets to distributed corporate ones spanning geo-locations.

Users Management

SSO & MFA with IdP

Users can authenticate using one of our supported identity providers to access the tailnet.

User & group provisioning (SCIM)

Sync users and group settings from one of our supported IdPs to keep ACLs up-to-date.

On-demand access

Partner integrations allow administrators to provide time-bound, elevated privileges for users.


Device approval

Require devices to be approved by an administrator before joining the tailnet.

Device Posture

Continuously verify posture rules to determine device access to your tailnet.


Access controls lists (ACLs)

Create RBAC policies to determine which users, roles, or groups can access, which nodes on your tailnet.

ACL tests

Verify ACLs provide sufficient coverage against unnecessary exposure.

GitOps for ACLs

Manage ACLs version control within a CI/CD workflow using GitHub or GitLab.

Tailnet lock

A predetermined trusted node must verify the trusted keys of any nodes attempting to join your tailnet.

Network Access

App Connectors

Secure third-party SaaS applications by restricting access to authorized users.

Kubernetes Operator

Connect services and encrypt communications across heterogeneous environments.

Regional Routing

Increase performance with high availability across complex networks.

Exit nodes

Route all traffic through a designated egress point, similar to a privacy VPN.

End-to-end encryption

Tailscale uses WireGuard protocols for end-to-end encryption.


Configuration audit logging

Surface what configuration-based actions occurred, by whom, and when.

Network flow logging

Surface what node-to-node interaction occurred, and when.

Log streaming

Natively stream configuration or network flow logs to our SIEM integration partners.

SSH session recording

Store any Tailscale SSH session recording long-term in any S3-compatible service or local disk.

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
Hugging Face