[July 25 Webinar] Scaling Tailscale programmatically with IaC
Get started
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.

Tailscale for security teams

Protect your organization with zero-trust networking that extends across any infrastructure with near real-time visibility.


Trusted by security teams at companies like these

Hugging Face

Unleash developer velocity without compromising security

Safeguard users, devices, and workloads with identity-based security.

Protect users

Protect users

Dynamically manage the user & group lifecycle with SCIM and authenticate network access with SSO & MFA.
Protect devices

Protect devices

Continuously verify devices meet certain conditions to retain access to your organization’s private network.
Protect users

Protect workloads

Explicitly authorize which users and services can communicate with the ability to layer additional security measures like SSH session recording.

Strengthen your security posture

on-demand access

On-demand access

Provide just-in-time, time-bound, elevated access to employees such as on-call engineers using one of our partner's integrations.

on-demand access

EDR Integrations

Integrate EDRs like Crowdstrike to enable device identity collection and supercharge device posture by leveraging the Zero Trust Assessment score to determine trustability.

on-demand access

Streaming audit logs

Stream configuration audit logs, network flow logs, and SSH sessions into your preferred SIEM to surface any potentially anomalous activity.

See what other Security pros are doing with Tailscale

End-to-end protection with Tailscale

Users Management

SSO & MFA with IdP

SSO & MFA with IdP

Users can authenticate using one of our supported identity providers to access the tailnet.

Learn more

User & group provisioning (SCIM)

Sync users and group settings from one of our supported IdPs to keep ACLs up-to-date.

On-demand access

Partner integrations allow administrators to provide time-bound, elevated privileges for users.


Device Approval

Require devices to be approved by an administrator before joining the tailnet.

Device posture management

Collect device attributes and use them as part of connectivity rules within your Tailnet to limit access for devices that do not meet security requirements.


Access controls lists (ACLs)

Access controls lists (ACLs)

Create RBAC policies to determine which users, roles, or groups can access, which nodes on your tailnet.

Learn more

ACL Tests

Verify ACLs provide sufficient coverage against unnecessary exposure.

GitOps for ACLs

Manage ACLs version control within a CI/CD workflow using GitHub or GitLab.

Tailnet Lock Alpha

A predetermined trusted node must verify the trusted keys of any nodes attempting to join your tailnet.

Network access

Kubernetes operator

Kubernetes operator

Connect services and encrypt communications across heterogeneous environments

Learn more
App connectors

App connectors

Secure third-party SaaS applications by restricting access to authorized users.

Learn more

Regional routing

Increase performance with high availability across complex networks

Exit nodes

Route all traffic through a designated egress point, similar to a privacy VPN.

End-to-end encryption

Tailscale uses WireGuard® protocols for end-to-end encryption.


SSH session recording

SSH session recording

Store any Tailscale SSH session recording long-term in any S3-compatible service or local disk.

Learn more

Configuration audit logging

Surface what configuration-based actions occurred, by whom, and when.

Network flow logging

Surface what node-to-node interaction occurred, and when.

Log streaming

Natively stream configuration or network flow logs to our SIEM integration partners.

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
Hugging Face