Setting up Google admin policies to work with Tailscale

You should be able to use your Google identity to log into Tailscale without additional configuration.

However, in some cases, your domain administrator may have restricted third-party apps from being added to your domain without approval. If you try to log in to Tailscale with Google and get the error message “Error 400: admin_policy_enforced”, Tailscale is blocked in your domain.

If you are the Google Workspace admin for your domain, allowlist Tailscale by following Google’s instructions for managing access to apps:

  1. Log in to the Google Admin console.
  2. From the Home page, go to Security > API controls.
  3. Under App access control, click Manage third-party app access.
  4. Find the Tailscale app in the list: click Add a filter, enter “Tailscale” in the App name field, and click Apply.
    • The Tailscale app’s client_id is 674241127656-lmq9su4p8ni1tcpuh6eqidoornqtvmvi.apps.googleusercontent.com
    • The Tailscale Android authenticator’s client_id is 744055068597-ppu003h5o04mln2dlou55msf9t4mup3c.apps.googleusercontent.com
  5. Check the box for Tailscale and click Change access.
  6. Choose the Limited or Trusted option to allow access.
  7. Click Change.
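
App names in the list are not unique, so the client_id values in step 4 are what identify the real Tailscale apps. The following is an added example, not part of Tailscale's or Google's documentation: it extracts the client_id from a Google sign-in URL and checks app entries against the two IDs above. The sample URL, the sample entries and the function names are constructed for illustration, and the URL shape (Google's OAuth endpoint with a client_id query parameter) is an assumption about what the admin has copied from the browser.

```python
from urllib.parse import urlsplit, parse_qs

# client_id values published in step 4 above.
TAILSCALE_CLIENT_IDS = {
    "674241127656-lmq9su4p8ni1tcpuh6eqidoornqtvmvi.apps.googleusercontent.com":
        "Tailscale app",
    "744055068597-ppu003h5o04mln2dlou55msf9t4mup3c.apps.googleusercontent.com":
        "Tailscale Android authenticator",
}

def client_id_from_auth_url(url):
    """Return the client_id of a Google OAuth sign-in URL, or None."""
    parts = urlsplit(url.strip())
    # Only trust parameters on Google's own sign-in host, over HTTPS.
    if parts.scheme != "https" or parts.hostname != "accounts.google.com":
        return None
    values = parse_qs(parts.query).get("client_id", [])
    # A missing or repeated parameter is ambiguous, so reject it.
    return values[0] if len(values) == 1 else None

def classify(app_name, client_id):
    """Say whether an app entry may be allowlisted as Tailscale."""
    cid = (client_id or "").strip()
    if cid in TAILSCALE_CLIENT_IDS:  # exact match only
        return "match: " + TAILSCALE_CLIENT_IDS[cid]
    if "tailscale" in (app_name or "").lower():
        return "MISMATCH: Tailscale-like name, unpublished client_id"
    return "unrelated"

# Constructed sample input (hypothetical URL and app entries).
SAMPLE_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
    "&client_id=674241127656-lmq9su4p8ni1tcpuh6eqidoornqtvmvi"
    ".apps.googleusercontent.com&scope=openid+email"
)
SAMPLE_ENTRIES = [
    ("Tailscale", client_id_from_auth_url(SAMPLE_URL)),
    ("Tailscale VPN",
     "111111111111-constructedexample.apps.googleusercontent.com"),
    ("Some Calendar Tool",
     "222222222222-constructedexample.apps.googleusercontent.com"),
]

if __name__ == "__main__":
    for name, cid in SAMPLE_ENTRIES:
        print(f"{name!r}: {classify(name, cid)}")
```

Only an entry reported as a match should be set to Limited or Trusted in step 6.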


© 2022 Tailscale Inc.
