A lot of products strive to have a solution that “just works.” Tailscale’s zero-config VPN is one of the products that actually delivers on this promise. Whether it’s SSHing into production servers or connecting to your testing database in AWS, Tailscale really prioritizes an ultra-smooth developer experience.
When thinking about access control for Tailscale and how to grant access to resources within your Tailnet, you don’t want to ruin its developer-friendliness by making it difficult to use.
So how do you strike that balance between fine-grained access control and frictionless connection? The answer is time-bound, role-based Tailnet access — or what we call on-demand access control.
Here’s an interactive demo of what that can look like using Indent:
/access in Slack your developers can get temporary access to your production
database or ssh into your staging environment, all without breaking their concentration.
Their requests either route to approvers automatically for approval or are instantly
approved based on their on-call or group membership.
With friction-free temporary access, engineers can move quickly without endangering the security of the entire organization.
Is on-demand access hard to get set up? Nope! With Indent you can get started by simply creating a Tailscale OAuth client.
To address the usual admin chore of granting on-demand access across your engineering team, Indent can trigger policy updates to the Access Control List (ACL), adding and removing users automatically.
Rather than configuring each workflow or resource individually, create rules that can be applied across multiple workflows. Save yourself precious time, and ensure uniformity across resources with similar security requirements.
Indent also handles access lifecycle logging, capturing who requested access to what and why, who approved it, how long the user had access, and when they lost access. These logs can be exported into your compliance platform for audit evidence.
By managing the approvals workflow, provisioning, revocation, and compliance evidence generation, on-demand access control reduces privileged access by 80% while helping engineers get access 15x faster compared to managing it manually.
Reclaim.ai is an intelligent calendar assistant that helps teams and individuals optimize their schedules by automatically allocating time for their meetings, tasks and routines, while integrating with more of the places they already do their work. To do that, we process PII and Google calendar data for our 20k+ global customers.
Reclaim uses Tailscale for networking and Indent for temporary access control. They recently wrote a post about their experience managing access with Indent which you can check out on the Tailscale blog.
On-demand production access should be affordable for everyone.
You can set up Indent for Tailscale in under 15 minutes.