Custom SSO providers using SAML or OIDC

Tailscale allows WireGuard® to support several OpenID Connect (OIDC) identity providers, including Google, Azure AD, Okta, and others. Almost everyone can use one of the included providers.

Existing support

We find that almost everyone asking for SAML or OIDC integration is using one of the common providers, particularly Okta or OneLogin.

Okta activation instructions
OneLogin activation instructions
Google, Microsoft, and GitHub login work without any activation.

Rarely, you may be operating your own SAML, OAuth2, or OIDC provider. Since every identity provider is different, this usually requires some custom configuration and debugging work. As a result, custom providers are only available with an Enterprise subscription.

For other custom SAML or OIDC providers as part of an Enterprise subscription, contact us.

Enable two-factor and multi-factor auth (2FA/MFA)
Supported SSO identity providers (Google, AzureAD, GitHub, Okta, etc)

Custom SSO providers using SAML or OIDC

Existing support

Custom support

Related Pages