Supported SSO/IDP/IAM providers

Tailscale is not an identity provider or authentication service. Instead, it plugs into the identity provider your company already uses, providing network-layer authorization functionality on top.

Tailscale currently supports these identity providers for login services:

  • Google GSuite (including gmail.com addresses)
  • Office365 / Azure Active Directory (including Microsoft Accounts)
  • Ping Identity
  • Okta

When you activate your company's domain name with Tailscale for the first time, one of the steps is to choose which identity provider you want to use.

gmail.com addresses are treated specially: they always authenticate through Google without needing to be configured first.

Once you've authenticated a Tailscale agent by connecting it to your identity provider, it automatically exchanges keys and connectivity information with the Tailscale Coordination Server and connects to other Tailscale agents on your network, subject to your security policy.