Azure AD Security Groups

Apologies in advance if I have missed the article in the documentation. Have personally used TS for a couple of years and am now setting up a POC for business use. Rather than creating groups based on email in the ACL configuration, wondering if it’s possible to use the iDP (Azure AD) security groups as groups for access control rules?


Support for synchronizing group definitions from an identity provider for use in ACLs is coming, tracked in Sync identity provider groups and user deactivations from Okta and Active Directory using SCIM · Issue #979 · tailscale/tailscale · GitHub which you could subscribe to for updates. Okta support is further along, Active Directory would come somewhat later.

Ah excellent - thanks, will keep an eye on the progress and status.