Identity Providers
Twingate supports Google Workspace for all product plans, as well as a number of popular identity providers in our Business and Enterprise product plans. For detailed setup and configuration steps, select an IdP from the section below.
Twingate can automatically add or sync users from the user directory of one or more identity providers, while also allowing an admin to manually add users who use social logins (e.g. Google or LinkedIn). This can be useful if you need to provide access to external parties like contractors who don’t have accounts that are managed through your identity provider.
Changing the Identity Provider
If you wish to change the identity provider linked to your Twingate account, you can do so via the Identity Provider page under your account’s Settings section. Twingate accounts support multiple identity providers and social login providers, allowing you to configure separate identity providers or even sync multiple instances of the same identity provider. You can disconnect any identity provider from your account through the options section of your configured identity provider. When the identity provider is disconnected, all users and synced groups will be removed.
If removing the identity provider would remove all admins on the account, you will be required to enter the email address of a new user who will be set as the admin. This user must be able to log in via one of the supported social login options (Google, Microsoft, GitHub, or LinkedIn).
After you disconnect the identity provider, you can re-authenticate into the Admin Console via the email address you entered. To set up a new identity provider, you can navigate back to the Identity Provider page.
Connect Your First Identity Provider
If you have social login enabled and begin setting up an identity provider, you’ll be prompted to either keep or remove your social login users. We recommend removing them to ensure a smoother transition to your new identity provider.
Multiple Identity Providers
Multiple identity providers may need to be connected to your Twingate account to support tool migration, contractor use cases, subsidiaries, etc. From your account, you can choose to configure multiple identity providers as well as multiple instances of the same identity provider.
If needed, you can rename the identity providers so that it’s easier to manage and track the source of each user. When removing an identity provider, the only requirement is that a user with admin privileges remains on the account. You can see the source of each user by viewing the Teams page and filtering by Source.
Offboarding Users
There are situations where you will need to offboard users from your Twingate account. When using an enterprise identity provider, the offboarding process involves managing the user within the IdP and ensuring that changes are synchronized with Twingate. For more information on offboarding users, see the Offboarding Users page.
Twingate Universal 2FA
Regardless of your identity provider, we recommend using Twingate’s native 2FA functionality. This enables precise control over when a two-factor challenge is issued, allowing 2FA to be applied to any network resource with no application configuration required.
Instructions on setting up native Twingate 2FA can be found here.