Security Policies

Security Policies

Apr 15, 2021

We’re excited to announce Twingate Security Policies, which is a new framework to help you manage access to Resources. This will enable you to apply more granular security rules to sensitive assets. For example, you may want to require 2FA, but only for users accessing billing systems with customer financial data.

Twingate has three types of Security Policies, each of which come together to protect access to your Twingate network. Different Policy types may have different rules available to them, based on what is appropriate for the use case.

  • Resource Policies: These policies are applied to Resources at the time they are accessed by a user. Use these policies to apply extra security to more sensitive Resources on your Network. There is always one Default Policy which is applied to all new Groups by default. You can create additional Resource Policies in the Admin Console.

  • Network Sign In: This policy is applied to all users of Twingate when they attempt to log into the network. Users must fulfill the criteria in this Policy before attempting to access any Resources, even if those Resources have more permissive Security Policies than the Network Sign In policy.

  • Admin Console Sign In: This policy is only applied to Twingate administrators when they sign into the Admin Console. Admins do not need to sign into Twingate to access the Admin Console, so the Network Sign In policy is not applied here.

General Product Updates

  • Twingate now has a SOC 2 Type 2 report available on request from our team.

Minor Fixes and Improvements


  • Added Windows “Start on Login” support in 1.0.4.

  • Added support for unqualified DNS names on macOS 1.0.7 and Windows 1.0.5.

  • Fixes Sophos incompatibility issues on macOS 1.0.7.

  • Added support for Arch Linux in Linux 1.0.6.


  • Improved the speed and resiliency of Connectors when switching between different Relay cluster regions.

Admin console

  • Added wanrning for admins when attempting to create multiple Resources with the same address.

  • Added ability to disable group sync for Google Workspace.

  • Added Universal 2FA support for non-IdP configurations.