Manage access

Use Tailscale access features to control how users access resources in your Tailscale network, known as a tailnet. You also control how devices access other devices.

Manage access policy

Access control lists (ACLs) and grants let you precisely define permissions for users and devices in your tailnet. Tailscale manages access rules for your network in the tailnet policy file.

Manage permissions using ACLs

Define permissions for your users and devices at the network layer.

Manage permissions using grants

Define permissions for your users and devices at the network or application layer.

Tailnet policy file

Get details about the syntax and structure of the tailnet policy file.

Just-in-time (JIT) access

Use automation to provide Just-in-time (JIT) access, also known as on-demand access, to someone for a limited time, allowing them to perform a task.

Manage devices

You control which devices are in your tailnet, including whether you want a tailnet admin to approve new devices before they are allowed access. You can also use device posture with mobile device management (MDM) solutions to enforce device rules.

Add, remove, and manage devices

Learn how to manage devices, enforce admin approval for new devices, and use device posture for enforcing device rules.

Manage users and user roles

You control which users are in your tailnet, how they are invited, and their access to your tailnet resources.

Add, remove, and manage users

See how to add and manage users, delete users, and enforce review of new users before they can join your tailnet.

Manage domain ownership

When you create your tailnet, your user domain becomes part of your Tailscale identity.

Domain ownership

Learn how your user domain is used for Tailscale identity, and how to mitigate tailnet risk from a malicious takeover.