Device authorization is a feature that allows Tailscale network administrators to review and approve new devices before they can join the network. This can be used to ensure only trusted devices, such as workplace-managed laptops and phones, can access a network.
Enabling device authorization for your network
Currently this feature can only be enabled by contacting the Tailscale team. Email us at firstname.lastname@example.org and let us know you’d like device authorization enabled for your network.
In the near future, we’ll introduce an option to toggle this setting in the admin console.
Once this setting is enabled, new devices that access your network will see a notification that their device is “awaiting approval.” Devices awaiting approval cannot send or receive traffic on your Tailscale network until they are authorized.
To authorize devices, navigate to the machines page of the admin console. At the top of the list you should see the device with a “needs authorization” badge beneath it.
You can review details about the device and user before deciding whether to authorize it. When you’re ready to authorize the device, open the … menu and select “Authorize” to allow the device to connect to your network.
After authorization, the device will immediately be able to connect. No restarts or toggling needed.