Get started
© 2024

User & group provisioning for Google Workspace

This feature is available for the Personal and Enterprise plans.
Google Workspace User & group provisioning is currently in private alpha. Therefore, this topic is currently hidden.

Tailscale's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy including the Limited Use requirements.

Tailscale supports synchronizing Google Workspace users and groups for use in Tailscale access controls.


  1. While this feature is in Alpha, contact support to enable synchronizing your Google Workspace users and groups.
  2. Login with a Google Workspace super admin account.
  3. Enable the Admin SDK, which provides the APIs used to sync between Google and Tailscale.
    1. Open
    2. If you do not have a Google Cloud Project, create one.
    3. Search for Admin SDK.
    4. Select Enable.
  4. Add the Tailscale app to your Google Workspace:
    1. Open
    2. Click Security, click Access and data control, click API controls, and then click Manage Third-Party App Access. If you do not see a Security tab, click Show more.
      Click Show more
      Click API controls
    3. Add the app:
      Click Manage Third-Party App Access
      Click Add app
  5. Connect Tailscale to your Google Workspace:
    1. Open as your Google Workspace super user.
    2. Once logged in, directly visit the URL
    3. Follow the prompt and log in to start Google User & Group sync.

If a group is renamed in Google Admin Console, the reference does not rename. You will always use the group email to reference the group in your Tailscale ACL rules.


  • The maximum number of groups that can be synced is 100.
  • After a new group is created in Google Workspace, a Tailscale Owner, Admin, or IT admin needs to open the Google Group Sync page and select the group to allow syncing of the group.