User & group provisioning for Google Workspace
Tailscale supports synchronizing Google Workspace users and groups for use in Tailscale access controls.
With group sync, you can refer to a group from Google in your tailnet policy file, with a human-readable name.
With user sync, you can onboard and offboard users easily to Tailscale. For related information, see Offboarding when using user & group provisioning.
- While this feature is in Alpha, contact support to enable synchronizing your Google Workspace users and groups.
- Login with a Google Workspace super admin account.
- Enable the Admin SDK, which provides the APIs used to sync between Google and Tailscale.
- Open https://console.cloud.google.com.
- If you do not have a Google Cloud Project, create one.
- Search for Admin SDK.
- Select Enable.
- Add the Tailscale app to your Google Workspace:
- Open https://admin.google.com.
- Click Security, click Access and data control, click API controls, and then click Manage Third-Party App Access. If you do not see a Security tab, click Show more.
- Add the app:
- Connect Tailscale to your Google Workspace: