On Thu, 06 Jul 2023 19:43:25 +0000, John wrote:
I've been using Tailscale on Android
First question is what is "Tailscale on Android" so I looked it up.
https://github.com/tailscale/tailscale-android
https://play.google.com/store/apps/details?id=com.tailscale.ipn
https://f-droid.org/en/packages/com.tailscale.ipn/
"Tailscale is a mesh VPN alternative that makes it easy to connect your devices, wherever they are. No more fighting configuration or firewall
ports. Built on WireGuard, Tailscale enables an incremental shift to
zero-trust networking by implementing "always-on" remote access. This guarantees a consistent, portable, and secure experience independent of physical location."
I installed it from Windows using the F-Droid repository link to the APK.
https://f-droid.org/repo/com.tailscale.ipn_169.apk
Name: com.tailscale.ipn_169.apk
Size: 36635998 bytes (34 MiB)
SHA256: 6E84520B989C4FF5688CBFF42FF9DAFEA9C247CC50765AC4895C0103E866576E
When first started it says "We collect and use your email address and name,
as well as your device name, OS version, and IP address in order to help
you to connect your devices and manage your settings. We log when you are connected to your network.", which doesn't seem all that encouraging.
Pressing the "Get Started" button brings up your default web browser to
https://login.tailscale.com/login?
But it asks for an account that I don't have, so there's no way to proceed.
Sign in with Google
Sign in with Microsoft
Sign in with GitHub
Sign in with Apple
Sign in with a passkey
When I clicked around for how to create an account the normal way it said
https://login.tailscale.com/start
Sign up with Google
Sign up with Microsoft
Sign up with GitHub
Sign up with Apple
Sign up with OIDC
When I pressed the link saying "Need another provider?" it went to
https://tailscale.com/kb/1013/sso-providers/
Supported SSO identity providers
Tailscale works on top of the identity provider (IdP) or single sign-on
(SSO) provider that you already use.
Standard identity providers are available on all plans.
Advanced identity providers are available on the Free, Premium, and
Enterprise plans.
Supported standard identity providers
Tailscale natively supports the following identity providers:
Apple
Google, including Gmail and Google Workspace (G Suite)
GitHub
Microsoft, including Microsoft Accounts, Office365, Active Directory, and
Azure Active Directory (Azure AD)
Okta
OneLogin
A GitHub standalone account can only be used for a single user tailnet. A
free and easy method for adding multiple users to your tailnet is to create
a GitHub organization. For more information, see Creating a multi-user
tailnet with GitHub organizations.
Supported custom identity providers
In addition to the natively supported identity providers, Tailscale also
allows you to authenticate with custom OpenID Connect (OIDC) providers. Tailscale has successfully tested several custom identity providers,
including:
Auth0
Authelia
Authentik
Codeberg
Dex
Duo
Gitea
GitLab and GitLab self-managed
JumpCloud
Ory Network and Ory self-hosted
Ping Identity
ZITADEL Cloud and ZITADEL Open Source
When you activate your domain name with Tailscale for the first time, one
of the steps is to choose which identity provider you want to use.
Once you've authenticated a Tailscale client by connecting it to your
identity provider, it automatically exchanges keys and connectivity
information and connects to other Tailscale clients on your network,
subject to your security policy.
Support for 2FA and MFA
Tailscale supports two-factor and multi-factor authentication.
We never handle authentication itself. Instead, you can enable 2FA and MFA features in your single sign-on identity provider, and they will apply to
all your apps, including Tailscale.
Support for passkeys
Tailscale supports the use of passkey authentication for any tailnet that
you are authorized to join.
Signing up with an email address
We don't support sign-up with email addresses. By design, Tailscale is not
an identity provider - there are no Tailscale passwords.
Using an identity provider is not only more secure than email and password,
but it allows us to automatically rotate connection encryption keys, follow security policies set by your team (e.g., 2FA), and more.
Changing identity providers
If you need to change identity providers, contact support.
Unfortunately, we cannot migrate your tailnet from/to GitHub or Apple as an identity provider.
What Tailscale accesses from identity providers
Tailscale requests the minimum access needed to function. Tailscale only
uses your organization's team membership to ensure users can join the
tailnet for their organization.
With the GitHub identity provider, Tailscale requests the minimum set of permissions needed to get team membership, which includes access to your repositories and project boards. Tailscale does not use any content in your repositories or project boards.
Identity provider availability by plan
Standard identity provider integrations: available on all plans
Advanced identity provider integrations: available on the Free, Premium, and Enterprise plans
Google
Microsoft
GitHub
Keycloak
Dex
GitLab self-managed
Ory self-hosted
ZITADEL Open Source
Authentik
Apple
Authelia
Codeberg
Gitea
Okta
OneLogin
JumpCloud
Auth0
Duo
GitLab
Ory Network
Ping Identity
ZITADEL Cloud
Other custom OIDC providers
Last updated Jun 13, 2023
So I gave up and deleted the app as someone with an account on those
platforms will have to be the person to test this to help you out.