Networking should be simple(r)
Tailscale makes it easy to overlay any network topology, enforce the principle of least privilege, and continuously monitor your tailnet.
Application networking
Accelerate application development through 65+ integrations to accommodate any workflow.
Auth keys
Pre-authentication keys automatically register new nodes without having to sign in via a web browser.
Service provisioning
ACL tags assign an identity to a node that’s used as part of an ACL to restrict access.
Tailscale SSH
Tailscale brokered and authenticated SSH connection without managing SSH keys.
Tailscale SSH console
Initiate browser-based SSH session from the admin console to a designated node.
Continuous monitoring
Create a system of record to monitor performance, user-to-node interactions, and potential security incidents.
Configuration audit logging
Surface what configuration-based actions occurred, by whom, and when.
Log streaming
Natively stream configuration or network flow logs to our SIEM integration partners.
Tailscale SSH session recording
Store any Tailscale SSH session recording long-term in any S3-compatible service or local disk.
Least privilege access
Identity is weaved directly into the network fabric to safeguard valuable resources with Access Control Lists (ACLs) enforceable at the node level.
Access control lists (ACLs)
Create RBAC policies to determine which users, roles, or groups can access, which nodes on your tailnet.
GitOps for ACLs
On-demand access
Partner integrations allow administrators to provide time-bound, elevated privileges for users.
Separation of administrative duties
Administrative roles with varying privileges to manage your tailnet.
Mobile device management
Tailor Tailscale for the needs of your business with UI customization, auto-updates, runtime configurations and more, all integrated with your favorite Mobile Device Management solution.
Network connectivity
Securely connect users, devices, and services across any infrastructure without interruptions.
Peer-to-peer connections
Tailscale uses WireGuard VPN protocol to establish low-latency, peer-to-peer connections.
Split tunneling
Split tunneling only routes internal traffic through the VPN for improved latency.
HA subnet routers
Ensure users can still access resources if a routing device becomes unavailable.
Short DNS host names
MagicDNS automatically registers DNS names as human-readable for better discoverability.
Search domains
Ensure users can still access resources if a routing device becomes unavailable.
IP space collision resolution
Route traffic to overlapping IPv4 subnets without renumbering with 4via6 subnet routers, by assigning unique IPv6 addresses for each subnet.
Posture management
Harden your security posture with built-in features to continuously enforce node-level policies.
Device approval
Require devices to be approved by an administrator before joining the tailnet.
Tailnet lock
A predetermined trusted node must verify the trusted keys of any nodes attempting to join your tailnet.
Device posture management
Collect device attributes and use them as part of connectivity rules within your Tailnet to limit access for devices that do not meet security requirements.
Device posture integrations
Configure EDR integrations like Crowdstrike to use their custom attributes as part of device posture checks for your Tailnet.
Services Management
Monitor and safely share access to services running on machines on your tailnet.
Node sharing
Share a node with any Tailscale user on any tailnet without exposing it to the public internet.
HTTPS certificates
Enable HTTPS when connecting with web APIs or browsers to encrypt communications.
tsnet
Embed Tailscale inside Go programs to run multiple services on a single machine to create tools like golinks.
User management
Create intuitive workflows to streamline user access with SSO, IdP, and SCIM support.
SSO with IdP
Users can authenticate using one of our supported identity providers to access the tailnet.
User approval
Require users to be approved by an administrator before gaining access to the tailnet.
Custom OIDC provider
Users can authenticate themselves using their organization’s custom OIDC.
User & group provisioning (SCIM)
Sync users and group settings from one of our supported IdPs to keep ACLs up-to-date.
