Setting up OneLogin to work with Tailscale

You will have to contact us to enable your domain for OneLogin authentication, following the steps below. We are actively working to make this process more automated.

1. In the OneLogin dashboard, go to Applications.

   • Click Add App

2. Search for "OIDC" and select OpenID Connect (OIDC).

3. Set the Display Name to "Tailscale."

   • Click Save.

4. Under Configuration:

   • Add to Redirect URIs: https://login.tailscale.com/a/oauth_response
   • Click Save

5. Under SSO:

   • Set Refresh Token Minutes to 40320 (4 weeks)
   • Click Save

6. When done, fill out the Identity provider configuration or change section of the support form.

7. Make sure all users you want to be able to log in are enabled for the Tailscale application in OneLogin.

After you send us your OneLogin app information, note that it may take up to two business days to activate your domain.