Custom SSO providers using SAML or OIDC
Tailscale allows WireGuard® to support several OpenID Connect (OIDC) and SAML identity providers, including Google, Azure AD, Okta, and others. Almost everyone can use one of the included providers.
Rarely, you may be operating your own SAML, OAuth2, or OIDC provider. Tailscale is able to use these with your account. However, since every identity provider is different, this usually requires some custom configuration and debugging work. As a result, custom providers are only available with an Enterprise subscription.
We find that almost everyone asking for SAML or OIDC integration is using one of the common providers, particularly Okta or OneLogin.