tailscale / tailscale

The easiest, most secure way to use WireGuard and 2FA.
https://tailscale.com
BSD 3-Clause "New" or "Revised" License
19.08k stars 1.49k forks

OIDC: Support arbitrary OpenID Connect auth endpoints #823

Closed apenwarr closed 1 year ago

apenwarr commented 4 years ago

Placeholder for generic OIDC support requested by customers.


DentonGentry commented 3 years ago

https://github.com/tailscale/tailscale/issues/379 (Keycloak)
https://github.com/tailscale/tailscale/issues/794 (JumpCloud)
https://github.com/tailscale/tailscale/issues/920 (AWS SSO)
https://github.com/tailscale/tailscale/issues/1130 (Digital Ocean IdP)
https://github.com/tailscale/tailscale/issues/1197 (Duo)
https://github.com/tailscale/tailscale/issues/1222 (auth0)
https://github.com/tailscale/tailscale/issues/446 (GitHub)
https://github.com/tailscale/tailscale/issues/1417 (Yahoo)
https://github.com/tailscale/tailscale/issues/1614 (CloudFlare)
https://github.com/tailscale/tailscale/issues/2046 (AWS Cognito; might be same as #920)
https://github.com/tailscale/tailscale/issues/598 (Apple / iCloud)

DentonGentry commented 3 years ago

A note on GitHub OAuth: if you request the 'user:email' scope you get email addresses, but you have to request it. The default ("no scope") only gives you their GitHub username and very limited profile information.

patmaddox commented 3 years ago

I'd like to be able to auth with GitHub.

bradfitz commented 3 years ago

@patmaddox, that's https://github.com/tailscale/tailscale/issues/446

garrett-ts commented 2 years ago

adding new request

5345 (Rippling)

mayakacz commented 1 year ago

We've just released support for custom OIDC providers with Tailscale, and have tested several identity providers already to confirm they work, and will be testing more. Read more in the blog post and docs.

To migrate an existing Tailscale account from another identity provider to a custom OIDC provider, contact support with an Identity provider change: https://tailscale.com/contact/support/?type=sso. Note that we can only migrate a Tailscale account to a custom OIDC provider that uses a custom domain (for example, @work.com instead of @gmail.com).

sanilcredcore commented 1 year ago

Where can I find the list of identity providers tested and supported? I am specifically looking for JumpCloud support.

diogopms commented 1 year ago

> Where can I find the list of identity providers tested and supported? I am specifically looking for JumpCloud support.

https://tailscale.com/kb/1240/sso-custom-oidc/

I'm looking for the way to configure Auth0 using OIDC using Tailscale.

mayakacz commented 1 year ago

> Where can I find the list of identity providers tested and supported?

The full list of IdPs supported, including those tested for custom OIDC, is listed here: https://tailscale.com/kb/1013/sso-providers/

> I am specifically looking for JumpCloud support.

> I'm looking for the way to configure Auth0 using OIDC using Tailscale.

See https://tailscale.com/kb/1240/sso-custom-oidc/#additional-provider-configurations

DentonGentry commented 1 year ago

I believe the intent of this feature request has been met by https://tailscale.com/kb/1240/sso-custom-oidc/ Closing as completed.