Multiple tailnets support for isolated machine-to-machine communication

At Sourcegraph, we are building a single-tenant Cloud solution. Some of our customers are running their code host within a private network environment, and we are looking to utilize tailscale to securely connect Cloud instances with each customer private code host.

Given our single-tenant approach, we cannot use shared tailnet with ACL to acommandate all customers. We would like the ability to have arbitrary number of tailnets under the same account.

According to the docs, this is currently impossible and everything is tied to a specific IDP (e.g. GSuite). Is this something on tailscale roadmap? Happy to chat more and provide context.

1 Like

Iā€™m just spitballing, but perhaps you have the customer provide an pre-authorized key and you use it on your side. They would have control over the access on their end, so that may or may not be what you want in a managed product.