Supported SSO/IDP/IAM providers
Tailscale is not an identity provider or authentication service. Instead, it plugs into the identity provider your company already uses, providing network-layer authorization functionality on top.
Tailscale currently supports these identity providers for login services:
- Google GSuite (including
- Office365 / Azure Active Directory (including Microsoft Accounts)
- Ping Identity
When you activate your company's domain name with Tailscale for the first time, one of the steps is to choose which identity provider you want to use.
gmail.com addresses are treated specially: they always authenticate
through Google without needing to be configured first.
Once you've authenticated a Tailscale agent by connecting it to your identity provider, it automatically exchanges keys and connectivity information with the Tailscale Coordination Server and connects to other Tailscale agents on your network, subject to your security policy.