Just-in-time access

Tailscale provides several ways for you to provide just-in-time (JIT) access to resources in your Tailscale network (known as a tailnet). For example, you can provide an appropriate level of access to an engineer for a limited amount of time so they can perform maintenance on a server.

JIT access works in conjunction with access control lists (ACLs) to determine access for users and devices in your tailnet. You manage ACLs in the tailnet policy file. For JIT access, you use automation to provide access to someone for a limited time, allowing them to perform a task. There are a few ways to achieve this.

Provide just-in-time access

Tailscale lets you manage JIT access to network resources based on device posture attributes, which are key-value pairs of data attached to devices that can be used as part of the tailnet policy file.

Use device posture attributes.

Manage JIT access with device posture attributes.

Tailscale partners with other companies for JIT access workflow integrations.

Use a third-party integration.

Manage JIT access by using a third-party integration.

The Tailscale API lets you manage tailnet policy files, including for JIT access. For details, refer to the Policy File section in the Tailscale API documentation.

Use the Tailscale API.

Manage JIT access by using the Tailscale API.

Tailscale lets you manage access to network resources based on group membership by syncing groups from SCIM-integrated identity providers to Tailscale.

Use group membership syncing.

Use group membership syncing and grant JIT access by adding a user to a group.