Identity Providers

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

Twingate supports Google Workspace for all product plans, as well as a number of popular identity providers in our Business and Enterprise product plans. For detailed setup and configuration steps, select an IdP from the section below.

Entra ID (formerly Azure AD)

Google Workspace

Okta

OneLogin

JumpCloud

Keycloak

Twingate can allow users to be automatically added or synced from a linked identity provider’s user directory, while also allowing users who use social logins (e.g. Google or LinkedIn) to be manually added by an admin. This can be useful if you need to provide access to external parties like contractors who don’t have accounts that are managed through your identity provider. To enable this functionality for your Twingate account, please Contact Us.

Changing the Identity Provider

If you wish to change the identity provider linked to your Twingate account, you can do so via the Identity Provider page under your account’s Settings. From the options on your configured identity provider, you can disconnect the integration. When the identity provider is disconnected, all users and synced groups will be removed. You will be required to input an email address of the new user that will be set as the admin. This user must be able to log in via one of the supported social login options (Google, Microsoft, Github, or LinkedIn).

After you disconnect the identity provider, you can re-authenticate into the Admin Console via the email address you inputted. To set up a new identity provider, you can navigate back to the Identity Provider page.

Offboarding Users

There are situations where you will need to offboard users from your Twingate account. When using an enterprise identity provider, the offboarding process involves managing the user within the IdP and ensuring that changes are synchronized with Twingate. For more information on offboarding users, see the Offboarding Users page.

Twingate Universal 2FA

Regardless of your identity provider, we recommend using Twingate’s native 2FA functionality. This enables precise control over when a two-factor challenge is issued, allowing 2FA to be applied to any network resource with no application configuration required.

Instructions on setting up native Twingate 2FA can be found here.

Last updated 5 months ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Usage-based Auto-lock

Ephemeral Access

Resource Tags

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Exit Networks

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription