Setting up Okta to work with Tailscale

Unlike GSuite and Office365 authentication, which can be activated automatically during a Tailscale trial, you will have to contact us to enable your domain for Okta authentication. We are actively working to make this process more automated. In the meantime, here are the steps you’ll need to follow.

  1. In the Okta admin panel, go the the Applications tab.

    • Click Create New App.
  2. Select:

    • Platform: Web
    • Signon method: OpenID Connect
  3. On the Create OpenID Connection Integration page, enter:

    • Application Name: Tailscale
    • Login redirect URIs: https://login.tailscale.com/a/oauth_response
  4. In General Settings:

    • Click Edit.
  5. Under Allowed grant types / Client acting on behalf of a user:

    • Enable Refresh Token
  6. When done, send the following to support@tailscale.com:

    • Your Okta authentication domain (eg. example.okta.com)
    • The auto-generated Client ID
    • The auto-generated Client secret

After you send us your Okta app information, note that it may take up to two business days to activate your domain.

Last updated