Migration to Policy on Resource

Resource Policies are changing to being directly associated with Resources instead of Groups.

What’s changing

Twingate is changing its Security Policies model so that Resource Policies will be directly associated with Resources instead of Groups. This change is being made in response to feedback on how our model should be Resource-centric, and thus Policies should be configured accordingly.

We are also updating our model so that a specific Group accessing a specific Resource can have a separate Policy than the Resource Policy. This allows admins to ensure that each Group has the right Policy applied when accessing a specific Resource.

No changes are needed from you to make this change; we will be rolling it out in a phased manner for all Twingate customers. For more information on the updated Policy on Resource model, see here.

How this impacts existing Groups, Resources, and Policies

In order to make this change, we are migrating over existing Policies, Groups, and Resources in the following way:

If a Resource was previously accessed by Groups using the same Security Policy, we set that Security Policy as the Resource Policy.
If a Resource was previously accessed by Groups using different Security Policies, we set the Default Policy as the Resource Policy and maintain each of the individual Policies between the specific Group and Resource.

As an example, imagine that Resource A has two Groups that have access. If today, both Groups have the same Policy (e.g. “Company Policy”), then that Resource Policy will be set as Company Policy after the migration. This means that both Groups will automatically inherit Company Policy and it’ll be applied for all users attempting to access that Resource.

If, however, the Groups currently have two separate Policies (e.g. “Company Policy” and “Contractor Policy”), then the Resource Policy will be set as the Default Policy after the migration. Additionally, the two Groups will have their Policies maintained: Contractor Group will use Contractor Policy and Company Group will use Company Policy.

Impact on APIs and Terraform

We are ensuring backwards compatibility with existing APIs and Terraform. Therefore, if you have existing APIs and Terraform code that are managing your Groups, Resources, and Policies, we will map them to the updated model.

FAQ

We will be rolling out the changes over the next few weeks. To see if you have the updated Policies configuration, you can navigate to a Resource and confirm if there’s a Resource Policy listed in the left-hand column.

In addition, the following pages are also being updated:

The Resources table has an optional column to show the Resource Policy
On each Group detail page, we list the Policy being applied next to each Resource
On the Policy page, we list the Resources using that Policy as the Resource Policy

Last updated 5 months ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Usage-based Auto-lock

Ephemeral Access

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases