Docs / Install

Setting up Okta to work with Tailscale

To activate Okta for your domain, follow the instructions below.


  1. Supported Features
  2. Requirements
  3. Configuration Steps
  4. Notes

Supported Features

  • Single Sign-On (OpenID Connect) initiated via Okta


Configuration Steps

We are actively working to make this process more automated. In the meantime, here are the steps you’ll need to take to enable your domain for Okta authentication.

  1. On the Okta admin page, select the Tailscale application and navigate to the Sign On tab
    1. Copy the values of Client ID and Client secret
    2. Copy the issuer published in the OpenID Provider Metadata. Typically, this is the Okta URL.
  2. Fill out the SSO configuration or change section of the support form using the OpenID Connect details saved in the previous step. Note that the domain name used to log into Tailscale should match the email addresses of users assigned to this app

After you submit this information, we will send you a custom link to finish activation. This may take up to two business days.

In the meantime, give users and/or groups access to the Tailscale app:

If your organization has defined custom access policies, verify that the Tailscale app is authorized for the openid, email, and profile scopes.


After activation, check out our getting started guide.

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2021 Tailscale Inc.

Privacy & Terms