Zero trust networking
Authorize, authenticate, and verify every interaction on your network
With Tailscale, zero trust networks are context-aware, privacy-first, and resilient to your needs.
Trusted by 9,000+ companies like these
Zero Trust with Tailscale
Zero Trust with Tailscale applies the same rigors designed for remote workers and devices to campus-based users and devices, ensuring that everyone has increased security and a consistent user experience.
Least-privileged access by default
Programmable network policy, deployed automatically
Tailscale’s adaptive policy engine operates in least-privileged mode by default, which allows organizations to start with a ‘trust nothing, verify everything’ posture.
Access Control Lists (ACLs)
Create human-readable policies to determine which users, roles, or groups can access, which nodes on your Tailscale network. Even include tests that confirm the correct policy behavior.
External tooling for management
Use GitOps to manage policy, use the Tailscale API for more complex automations, or manage Tailscale with Infrastructure as Code (IaC) tools.
Grants
Embed application capabilities in the policy engine by writing policies that grant access to actions within an application, regardless of Tailscale's awareness of those capabilities.
Easy connectivity, regardless of your networking stack
Network and cloud agnostic
Connect resources across SaaS, PaaS, IaaS, sites, internal resources, legacy hardware, service mesh, applications, and even home networks. You can also onboard VPCs and external SaaS applications, or make your internal apps Tailscale-aware.
Mesh-enabled microsegmentation
Segment your Tailscale network in granular ways, across teams, offices, departments, resource types, and more. Assign tags for easy policy enforcement.
Regional routing
Scale globally and stay performant with high availability across complex networks.
Bolster your organization’s security posture
Continuous verification
Tailscale implements continuous verification with machine and user identity built into every single request. So, you can secure your workforce and devices — no matter where they are.
User identity
Tailscale supports nearly all identity providers your organization uses, including Okta, Google, Apple, GitHub, Entra ID, passkeys, and more via custom OIDC. The groups you sync from these providers can have policies applied to them, ensuring changes only need to be reflected in one place.
Device identity
Use device approval features to ensure only trusted devices ever enter the network. Tailscale’s device posture management helps your team ensure that devices inform Tailscale of their state and telemetry, so you can use device posture scores to drive policy decisions.
Migrate to zero trust progressively
Start small, scale out
With Tailscale, universal zero trust can be implemented iteratively, across every resource in the organization, with a consistent user experience no matter where an employee is, an easy-to-manage control plane, all at a price point designed for teams of all sizes.
Get these features and more with Tailscale
Tailscale SSH (with recording)
Use this drop-in replacement to manage & record shell access into any linux machine without needing to share or manage keys.
Kubernetes Operator
Quickly route traffic to & from Kubernetes clusters to your Tailnet while keeping services and the control plane off the public internet.
Subnet Routers
Establish connectivity to entire VPCs or devices where Tailscale can't be installed.
IaC Integrations
Easily deploy Tailscale into cloud and on-prem environments via your IaC provider of choice, including: Terraform, Pulumi, and Ansible.
GitOps for ACLs
Easily modify and rollback JSON based network configuration directly from GitHub or GitLab.
Point-to-Point Connectivity
Using a global network of servers, Tailscale facilitates direct device-to-device connections across a wide range of NAT gateways.
Bring your own IdP
Use SSO & MFA from a wide array of supported IdPs to authenticate users onto any Tailnet.
Log Streaming
Natively stream network flow and configuration audit logs to popular SIEM providers.
Scoped keys
Get case-sensitive keys and secrets from Tailscale: API access tokens, Auth keys, OAuth clients, SCIM API keys, Webhook secrets and more.
Pricing that works for everyone
For teams or organizations looking for an easy-to-use, secure, legacy VPN replacement.
For companies who need service and resource level authentication and access control.
For companies who need advanced integrations, compliance and support for access control at scale.