Setting up Google to work with Tailscale

You should be able to use your Google identity to log into Tailscale without additional configuration.

To use Google as your identity provider with Tailscale, select Sign up with Google when signing up for your Tailscale account.

Allowlist Tailscale as a third-party app

In some cases, your domain administrator may have restricted third-party apps from being added to your domain without approval. If you try to log in to Tailscale with Google, and you get the error message Error 400: admin_policy_enforced, Tailscale is blocked in your domain.

If you are the Google Workspace admin for your domain, allowlist Tailscale following Google's instructions to manage access to apps:

1. Log in to the Google Admin console.
2. From the Home page, go to Security > API controls.
3. Under App access control, click Manage third-party app access.
4. Search to find the Tailscale app in the list. Click Add a filter and enter "Tailscale" in the App name field, and click Apply.
   • The Tailscale app's client_id is 674241127656-lmq9su4p8ni1tcpuh6eqidoornqtvmvi.apps.googleusercontent.com
   • The Tailscale Android authenticator's client_id is 744055068597-ppu003h5o04mln2dlou55msf9t4mup3c.apps.googleusercontent.com
5. Check the box for Tailscale and click Change access.
6. Choose the Limited or Trusted option to allow access.
7. Click Change.