update docs

Johan Siebens
2025-04-27 09:21:50 +02:00
parent 0127b027f6
commit 2116b38ae5
+15 -28
@@ -82,52 +82,39 @@ Example policy.json file:
## Connecting devices to your tailnet ## Connecting devices to your tailnet
How devices connect to your tailnet depends on your authentication configuration: There are two main methods to connect devices to your tailnet:
### Using OIDC authentication ### Interactive login
If OIDC is configured, users with access (based on the IAM policy) connect via web authentication: When you have an OIDC provider configured, users can connect to their tailnet through an interactive web authentication flow:
```bash ```bash
tailscale up --login-server=https://ionscale.example.com tailscale up --login-server=https://ionscale.example.com
``` ```
This opens a browser window where users authenticate with the OIDC provider. After successful authentication, if the user has access based on the tailnet's IAM policy, the device will be connected. This opens a browser window where the user authenticates with the OIDC provider. After successful authentication, if the user has access based on the tailnet's IAM policy, the device will be connected to the tailnet.
### Using auth keys !!! note
Interactive login requires an OIDC provider to be configured on your ionscale instance.
Auth keys allow devices to join a tailnet without interactive authentication. This is useful for automated deployments, servers, or environments where browser-based authentication isn't practical. ### Using pre-authentication keys
There are two main scenarios for creating auth keys: Pre-authentication keys (auth keys) allow devices to join a tailnet without interactive authentication. This is useful for automated deployments, servers, or environments where browser-based authentication isn't practical.
#### Without OIDC configured To create an auth key:
When OIDC is not configured, a system administrator must create auth keys with appropriate tags:
```bash ```bash
# Create an auth key with a tag # Create an auth key
ionscale auth-key create --tailnet "my-first-tailnet"
# Create an auth key with specific tags
ionscale auth-key create --tailnet "my-first-tailnet" --tags "tag:server" ionscale auth-key create --tailnet "my-first-tailnet" --tags "tag:server"
``` ```
The tags assigned to the key will determine what network access the device has once connected, based on your ACL rules. The tags assigned to the key will determine what network access the device has once connected, based on your ACL rules.
#### With OIDC configured !!! note
In environments with OIDC, users with access to a tailnet can create auth keys for that tailnet. Without OIDC, only system administrators can create keys.
When OIDC is configured, any user with access to a tailnet can create auth keys for that tailnet:
```bash
# As an authenticated user, create an auth key
ionscale auth-key create --tailnet "my-first-tailnet"
```
Additionally, system administrators can create auth keys with specific tags:
```bash
# As a system administrator, create a key with tags
ionscale auth-key create --tailnet "my-first-tailnet" --tags "tag:database"
```
#### Connecting with auth keys
To connect a device using an auth key: To connect a device using an auth key:
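Review bot: The rewritten "Using pre-authentication keys" section loses the tagging rule for setups without OIDC. The removed text said that without OIDC "a system administrator must create auth keys with appropriate tags", but the new first example creates a key with no `--tags`, and the closing note only covers who may create keys. Because the section says the key's tags determine network access under the ACL rules, the note should state whether an untagged key is valid without OIDC. It should also state who may pass `--tags` when OIDC is configured, since the old text attributed tagged keys to system administrators. Separately, dropping the "Connecting with auth keys" heading leaves "To connect a device using an auth key:" directly under the note about key creation; a short transition or the original heading would keep the two steps distinct.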