Security
Tailscale for security teams
Shrink the risk surface area for your organization
Trusted by security teams at companies like these
Safeguard users, devices, and any type of workload.
Secure users
Dynamically manage the user and group lifecycle with SCIM. Authenticate network access with SSO & MFA.
Secure devices
Continuously verify devices meet certain conditions to retain access to your organization’s private network.
Secure workloads
Explicitly authorize which users and services can communicate. Layer on additional security measures like SSH session recording.
Strengthen your security posture
On-demand access
Provide just-in-time, time-bound, elevated access to employees such as on-call engineers using one of our partner's integrations.
EDR integrations
Integrate EDRs like Crowdstrike to enable device identity collection and supercharge device posture by leveraging the Zero Trust Assessment score to determine trustability.
Streaming audit logs
Stream configuration audit logs, network flow logs, and SSH sessions into your preferred SIEM to surface any potentially anomalous activity.
Zero Trust with Tailscale
Least-privileged access with an adaptive policy engine
Tailscale’s policy engine operates in least-privileged mode by default. Users, devices, groups, and tags must have explicitly assigned permissions for access.
Continuous verification
Get continuous verification with machine and user identity built into every single request. Automatically maintain access levels based on user and device state.
Active assurance
Combine system events, network flow logs, and audit logs with SSH session recording and Tailscale's check mode to drive active assurance. Quarantine devices with known IoC in seconds.
Get these features and more with Tailscale
End to End Encryption
Tailscale brings end-to-end WireGuard to the networking layer, ensuring each and every connection is encrypted
Tailscale SSH
Use this drop-in replacement to manage & record shell access into any linux machine without needing to share or manage keys.
Log streaming
Stream configuration or network flow logs into a security information and event management (SIEM) system.
IaC Integrations
Easily deploy Tailscale into cloud and on-prem environments via your IaC provider of choice, including: Terraform, Pulumi, and Ansible.
GitOps for ACLs
Easily modify and rollback JSON based network configuration directly from GitHub or GitLab.
ACL Tests
Define ACL tests and ensure changes don't unintentionally allow access to resources.
Device posture management
Integrate into your existing device posture management tools: CrowdStrike, SentinelOne, InTune, Jamf, Kanji and more.
Device approval
Review and approve new devices before they can your network.
Bring your own IdP
Tailscale works on top of your identity provider (IdP), including support for custom OpenID Connect (OIDC) providers
Pricing that works for everyone
For teams or organizations looking for an easy-to-use, secure, legacy VPN replacement.
For companies who need service and resource level authentication and access control.
For companies who need advanced integrations, compliance and support for access control at scale.