By default, Twingate is set up to use social logins (Google, Microsoft, GitHub, and LinkedIn) to control access. You are able to invite users through the Teams page in the Admin Console, as well as deactivate users that are no longer active. For more information on managing social logins, see the Social Logins page.

If you choose to connect a third party Identify Provider (IdP), then users are automatically synchronized from your Identity Provider and cannot be modified in the Twingate Admin Console. Any changes to users — for example, creation or deactivation — are received directly from your configured IdP via SCIM and will update Twingate immediately. For more information on managing Identity Providers, see the Identity Providers page.

When added to Twingate, all users only have access to the “Everyone” group, and unless Resource(s) are added either to the Everyone group, or users are specifically assigned to a Group, users will not have access to any Twingate Resources.

You are billed for all of your synchronized users and any service accounts you create.

Admin Users

Twingate supports three admin roles, each providing different levels of write capabilities across the Twingate Admin Console.

  • Admin users have full read and write capabilities across the entire Admin Console.
  • DevOps users have read and write capabilities in the Network tab of the Admin Console. Permissions are read-only on all other sections of the Admin Console.
  • Support users have read-only access across the entire Admin Console.

For more information, see the Admins page, which describes the different admin roles in detail and how to assign roles to users.

Last updated 4 months ago