Setting up OneLogin to work with Tailscale

Unlike GSuite and Office365 authentication, which can be activated automatically during a Tailscale trial, you will have to contact us to enable your domain for OneLogin authentication. We are actively working to make this process more automated. In the meantime, here are the steps you’ll need to follow.

  1. In the OneLogin dashboard, go to Applications.

    • Click Add App.
  2. Search for “OIDC” and select OpenID Connect (OIDC).

  3. Set the Display Name to “Tailscale.”

    • Click Save.
  4. Under Configuration:

    • Add to Redirect URIs: https://login.tailscale.com/a/oauth_response
    • Click Save.
  5. Under SSO:

    • Set Refresh Token Minutes to 40320 (4 weeks)
    • Click Save.
  6. Under SSO, collect and send to us these fields:

    • Client ID
    • Client Secret (to see this, click “Show client secret”)
  7. Make sure all users you want to be able to log in are enabled for the Tailscale application in OneLogin.

After you send us your OneLogin app information, note that it may take up to two business days to activate your domain.

Last updated