Indent for Twingate

2 years ago
Written by
Fouad Matin
@fouadmatin
Elsie Phillips

Today we’re excited to unveil the new Twingate + Indent integration. Twingate replaces traditional corporate VPNs with a modern Zero Trust Network (ZTN).

Supporting fast-growing cloud-native companies like Blend.com, Chargebee, and Bloomreach, Twingate allows companies to easily implement granular access controls, while providing performant peer-to-peer connections for end users. By pairing Indent and Twingate you can have on-demand, least-privilege access to production environments.

With the Twingate + Indent integration, you can:

  • Give users time-bound, auto-expiring access to specific apps and environments
  • Allow temporary SSH connections between devices as authorized by your access controls and connected identity provider
  • Set up closed-by-default rules for the most sensitive nodes in your network to allow only senior engineering staff the ability to approve access for 30 minutes at a time or auto-approve while someone is on-call


Purpose-driven Twingate access

During onboarding, employees are given access to the tools and environments they need to do their jobs. For engineers at smaller companies, that often means being granted admin-level privileges to sensitive systems like production environments. This helps the team move quickly.

In a smaller team, it’s easy to have the illusion that the chance of intentional or unintentional unapproved updates is small. However, mistakes and breaches happen even on small teams.

Awareness of the risk of standing admin permissions grows with the number of folks who have those permissions until the organization reaches a critical inflection point, whether it’s SOC 2 compliance, a breach, or an honest mistake. At that point, access goes from a free-for-all to being manually granted. This can be extremely painful for both the requesters and reviewers, and it incentivizes keeping or granting elevated privileges for longer than necessary.

Using Twingate with Indent helps change those incentives. Together they give you a frictionless connection flow and add controls and automation that keep compliance policies enforced and create an additional layer of protection. For instance, you can ratchet up the controls for production vs staging to require that requests are approved by senior engineering staff or leadership.

Auto approvals for Twingate

Using an on-call provider as a source of truth, you can set up a bot to approve access based on a user’s on-call status while still producing auditable access evidence. Setting up on-call auto approvals facilitates fast access during incidents while maintaining compliance best practices.

You can set up auto approvals for Twingate with common on-call providers like PagerDuty, OpsGenie or even a list of authorized email addresses.
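The decision an on-call approval bot makes can be sketched as follows. This is an added example, not Indent's or Twingate's code or API: the function names, the e-mail addresses, the in-memory on-call set standing in for a provider lookup, and the rule against self-approval are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

GRANT_TTL = timedelta(minutes=30)           # 30-minute window mentioned in the post
SENIOR_APPROVERS = {"lead@example.com"}     # constructed allow-list of senior staff
ON_CALL_NOW = {"jane@example.com"}          # constructed stand-in for an on-call provider lookup


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str
    expires_at: Optional[datetime]
    evidence: dict  # audit record, written for grants and denials alike


def decide(requester, resource, now, approver=None, on_call=ON_CALL_NOW):
    """Closed by default: grant only for an on-call requester or a senior approval."""
    if requester in on_call:
        granted, reason, by = True, "auto-approved: requester is on call", "on-call-bot"
    elif approver in SENIOR_APPROVERS and approver != requester:
        # Assumption: a senior engineer may not approve their own request.
        granted, reason, by = True, "approved by senior engineer", approver
    else:
        granted, reason, by = False, "denied: no on-call shift or senior approval", None
    expires_at = now + GRANT_TTL if granted else None
    evidence = {
        "requester": requester,
        "resource": resource,
        "granted": granted,
        "approved_by": by,
        "reason": reason,
        "requested_at": now.isoformat(),
        "expires_at": expires_at.isoformat() if expires_at else None,
    }
    return Decision(granted, reason, expires_at, evidence)


def is_active(decision, now):
    """A grant is usable only before its expiry; denials are never active."""
    return decision.granted and now < decision.expires_at


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    print(decide("jane@example.com", "prod-db", t0).evidence)
    print(decide("bob@example.com", "prod-db", t0).evidence)
```

Every request yields an evidence record whether or not it is granted, so the auto-approval path leaves the same audit trail as a manual review.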

Using Twingate + Indent

Let’s consider an example where you need your co-worker Jane’s feedback on some work in progress. You’re developing a new feature for a web app, so she needs to view that work in her browser. This kind of thing can sometimes be accomplished with duct tape, bash scripts, and some mental gymnastics.

But, the Twingate + Indent integration simplifies things.

Twingate manages the connection details, and does so without the fuss of port forwarding or VPNs. Indent makes it easy for you to grant access when Jane needs to view your work. You have the option of granting indefinite access, or (for the privacy appreciators) access within a window of time. On-demand access is also kind of nice for ensuring Jane and other reviewers are not accidentally viewing a stale version of your work.

To make the magic happen, you'll need to:

  1. Make sure your dev server has a Twingate connector running as a Docker container. For first-time setup, that includes setting a few environment variables from your Twingate Connector page.

  2. Install the Indent integration for Okta.

  3. Set up your Twingate Okta integration.

  4. Start granting temporary access!

Any questions? Feel free to reach out and we're happy to schedule time for a demo.
