
Just-in-time access

Tailscale offers several ways to provide just-in-time (JIT) access to resources in your Tailscale network (known as a tailnet). For example, you can give an engineer an appropriate level of access for a limited amount of time so they can perform maintenance on a server.

How it works

Access control lists (ACLs) determine access for users and devices on your tailnet. You manage ACLs in the tailnet policy file. For JIT access, you use automation to provide access to someone for a limited time, allowing them to perform a task. There are a few ways to achieve this:

  • Modify the tailnet policy file to grant additional access to a user or a device.
  • Use device posture as part of your network policy, and grant additional access by setting an attribute on a specific device.
  • Use group membership syncing, and grant access by adding a user to a group.
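
The first approach (adding a rule to the tailnet policy file, then removing it when the time limit passes) is sketched below as an added example; it is not Tailscale's code. It assumes the policy has already been fetched and parsed into a dict, and the `grant` and `reap` functions, the expiry ledger, the `MAX_GRANT` cap, and the sample user and tags are all hypothetical names chosen for illustration.

```python
import copy
from datetime import datetime, timedelta, timezone

MAX_GRANT = timedelta(hours=8)  # assumed organisational cap, not a Tailscale limit


def grant(policy, ledger, src, dst, minutes, now):
    """Return (policy, ledger) copies with a time-boxed accept rule src -> dst."""
    duration = timedelta(minutes=minutes)
    if not timedelta(0) < duration <= MAX_GRANT:
        raise ValueError("grant duration must be positive and within MAX_GRANT")
    rule = {"action": "accept", "src": [src], "dst": [dst]}
    new_policy = copy.deepcopy(policy)
    new_policy.setdefault("acls", []).append(rule)
    # The ledger (hypothetical, kept outside the policy) records when to revoke.
    entry = {"rule": rule, "expires": (now + duration).isoformat()}
    return new_policy, ledger + [entry]


def reap(policy, ledger, now):
    """Drop one copy of each expired JIT rule; standing rules are never in the ledger."""
    new_policy = copy.deepcopy(policy)
    live = []
    for entry in ledger:
        if datetime.fromisoformat(entry["expires"]) > now:
            live.append(entry)  # still inside its window
        elif entry["rule"] in new_policy.get("acls", []):
            new_policy["acls"].remove(entry["rule"])  # revoke exactly one copy
    return new_policy, live


# Constructed sample policy: one standing rule that must survive every reap.
SAMPLE_POLICY = {
    "acls": [{"action": "accept", "src": ["group:sre"], "dst": ["tag:prod:443"]}]
}

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    p, led = grant(SAMPLE_POLICY, [], "alice@example.com", "tag:prod:22", 60, t0)
    print("after grant:", p["acls"])
    p, led = reap(p, led, t0 + timedelta(minutes=61))
    print("after reap: ", p["acls"], led)
```

Run `reap` on a schedule independent of the granting workflow, so that a failed or abandoned request still loses its access when the window closes.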

Use device posture for JIT access

Device posture just-in-time access is available on the Enterprise plan.

Tailscale allows managing access to network resources based on device posture attributes, which are key-value pairs of data attached to devices that can be used as part of the tailnet policy file.

Use the Tailscale API for JIT access

You can use Tailscale API methods to manage tailnet policy files, including for JIT access. For details, refer to the Policy File section in the Tailscale API documentation.

Use third-party integrations for JIT access

Tailscale partners with other companies for on-demand access workflow integrations. For details, refer to On-demand access.