Podcast Appearances
as a reflection of your identity provider inside of your tailnet.
It's almost like a locally hosted version of your identity provider that's private to your network.
The way it works is that it leverages the fact that every connection in Tailscale has your identity baked into it already.
When you provision a TailNet, you basically have to say, oh, I'm going to authenticate with Azure or G Suite or Okta or whatever.
We don't have our own IDP.
We just hook into all the ones that are commonly used out there.
Well, once we can start generating keys based on like a handshake or an interaction with your external IDP, every connection has got your identity baked into it.
And so if you're sitting inside of a tailnet, you know everything that is connecting to you.
And so you can actually build a small little application that just knows everything or knows the identity of everybody.
And so with that, you can actually create effectively an OIDC provider.
So that's what tsidp is.
You can think of it as like a locally hosted private OIDC or OAuth endpoint.
And that allows you to do all sorts of neat little things.
Like you can start plugging MCP clients and servers into it.
You can build little gateway patterns where, if you need to do like token exchange,
or if you need to do dynamic client registration, you can basically do it with tsidp.
So you can keep all this interesting identity management stuff private to your tailnet, not expose it to an external IDP.
For instance, I have a home lab.
I have a Proxmox server on it.
When I first started using Proxmox, I set it up on Tailscale.