Enable two-factor and multi-factor authentication

Tailscale relies on your existing identity provider to authenticate users. Any authentication settings from your identity provider are automatically used by Tailscale, including MFA.

To enable MFA for your domain, set it up from your identity provider.

Apple

Apple provides documentation on how to enable multi-factor authentication for Apple ID. Refer to the Apple Support topic Two-factor authentication for Apple ID for more information.

Google

Google provides documentation on how to enable multi-factor authentication for Gmail and Google Workspace (G Suite). Refer to the Google Help Center topic Deploy 2-Step Verification for more information.

Microsoft

Microsoft provides documentation that describes how to enable MFA for your whole domain or for individual users for Office365, Active Directory, and Azure Active Directory. Refer to the Microsoft documentation topic Multifactor authentication for Microsoft 365 for more information.

Okta

Okta provides documentation that describes how administrators can configure MFA for their entire organization or only for Tailscale by setting a multi-factor policy. Refer to the Okta documentation topic Multifactor Authentication for more information.

OneLogin

OneLogin provides documentation that describes how users can enable MFA for the domain by creating a new authentication factor, assigning it to a security policy, and assigning that policy to their users. Refer to the OneLogin documentation topic Use MFA for extra security for more information.