Supported identity providers
Tailscale works on top of the SSO/IDP/IAM identity provider you or your company already use.
Tailscale supports these identity providers for logging in:
- Google GSuite (including Gmail addresses)
- Office365 / Azure Active Directory (including Microsoft Accounts)
- Okta (Okta activation instructions)
- OneLogin (OneLogin activation instructions)
- Ping Identity
- SAP Identity Manager
When you activate your company’s domain name with Tailscale for the first time, one of the steps is to choose which identity provider you want to use.
Once you’ve authenticated a Tailscale client by connecting it to your identity provider, it automatically exchanges keys and connectivity information and connects to other Tailscale clients on your network, subject to your security policy.
Can I sign up with an email address?
We don’t support sign-up with email addresses. By design Tailscale is not an identity provider: there are no Tailscale passwords, account recovery, etc.
Using an identity provider is not only more secure than email and password, but it allow us to automatically rotate connection encryption keys, follow security policies set by your team (eg. 2FA), and more.
We plan to support more auth providers in the future. If you’d like to request support for specific providers, please let us know.