Faster Access, More Control with Tailscale + Indent

9 months ago
Written by

A lot of products strive to have a solution that “just works.” Tailscale’s zero-config VPN is one of the products that actually delivers on this promise. Whether it’s SSHing into production servers or connecting to your testing database in AWS, Tailscale really prioritizes an ultra-smooth developer experience.

When thinking about access control for Tailscale and how to grant access to resources within your Tailnet, you don’t want to ruin its developer-friendliness by making it difficult to use.

So how do you strike that balance between fine-grained access control and frictionless connection? The answer is time-bound, role-based Tailnet access — or what we call on-demand access control.

Here’s an interactive demo of what that can look like using Indent:

By entering /access in Slack your developers can get temporary access to your production database or ssh into your staging environment, all without breaking their concentration. Their requests either route to approvers automatically for approval or are instantly approved based on their on-call or group membership.

With friction-free temporary access, engineers can move quickly without endangering the security of the entire organization.

Set up on-demand access for Tailscale

Is on-demand access hard to get set up? Nope! With Indent you can get started by simply creating a Tailscale OAuth client.

To address the usual admin chore of granting on-demand access across your engineering team, Indent can trigger policy updates to the Access Control List (ACL), adding and removing users automatically.

Rather than configuring each workflow or resource individually, create rules that can be applied across multiple workflows. Save yourself precious time, and ensure uniformity across resources with similar security requirements.

Indent also handles access lifecycle logging, capturing who requested access to what and why, who approved it, how long the user had access, and when they lost access. These logs can be exported into your compliance platform for audit evidence.

By managing the approvals workflow, provisioning, revocation, and compliance evidence generation, on-demand access control reduces privileged access by 80% while helping engineers get access 15x faster compared to managing it manually.

Customer Spotlight: Reclaim is an intelligent calendar assistant that helps teams and individuals optimize their schedules by automatically allocating time for their meetings, tasks and routines, while integrating with more of the places they already do their work. To do that, we process PII and Google calendar data for our 20k+ global customers.

Reclaim uses Tailscale for networking and Indent for temporary access control. They recently wrote a post about their experience managing access with Indent which you can check out on the Tailscale blog.

What will it cost?

On-demand production access should be affordable for everyone.

You can set up Indent for Tailscale in under 15 minutes.

Getting Started

  1. Set up Indent with Tailscale
  2. Choose which groups you want to manage in Tailscale ACL.
  3. Start granting temporary access!

Have any questions? Feel free to reach out to our team over live chat, our help desk or email us at [email protected].

Try Indent for free.