SaaS security that scales for enterprises
Security at the speed of SaaS across the globe
Continuous Device Protection
Enterprise Scalability
Quarantine Compromised Devices
Identity-based access controls protect at the application and service level
User Management
SSO & MFA with IdP
Users can authenticate using one of our supported identity providers to access the tailnet.
User & group provisioning (SCIM)
Sync users and group settings from one of our supported IdPs to keep ACLs up to date.
On-demand access
Partner integrations allow administrators to provide time-bound, elevated privileges for users.
Devices
Device approval
Require devices to be approved by an administrator before joining the tailnet.
Device Posture Management
Collect device attributes and use them as part of connectivity rules within your tailnet to limit access for devices that do not meet security requirements.
Policies
Access control lists (ACLs)
Create RBAC policies to determine which users, roles, or groups can access which nodes on your tailnet.
ACL tests
Verify ACLs provide sufficient coverage against unnecessary exposure.
Tailnet lock
A predetermined trusted node must verify the trusted keys of any nodes attempting to join your tailnet.
Network Access
App Connectors
Secure third-party SaaS applications by restricting access to authorized users.
Kubernetes Operator
Connect services and encrypt communications across heterogeneous environments.
Regional Routing
Increase performance with high availability across complex networks.
Exit nodes
Route all traffic through a designated egress point, similar to a privacy VPN.
End-to-end encryption
Tailscale uses WireGuard protocols for end-to-end encryption.
Logging
Configuration audit logging
Surface what configuration-based actions occurred, by whom, and when.
Network flow logging
Surface what node-to-node interaction occurred, and when.
Log streaming
Natively stream configuration or network flow logs to our SIEM integration partners.
SSH session recording
Store any Tailscale SSH session recording long-term in any S3-compatible service or local disk.