Tailscale SCIM Key

Description

General

• Documentation: https://tailscale.com/learn/what-is-scim/
• Summary: Tailscale is a zero-configuration virtual private network (VPN) solution, making it simple to create secure networks between computers, servers, and cloud instances. A SCIM API key allows the customer to authenticate an identity provider, such as Microsoft Entra ID and Okta, and the tailnet for user & group provisioning.
• IPs allowlist: IP allowlists (or Block lists) are possible, see Tailscale IP Block lists.
• Scopes: This key grants access to applications in the tailnet using the Tailscale API.

Revoke the secret

The SCIM API key can be revoked in the User management page of the admin console, and click Manage keys. In the Provisioning keys dialog, click Revoke.

Check for suspicious activity

Keys and secrets activity can be monitored in the Logs page of the Tailscale admin consoles.

Details for Tailscale scim key

• Family: Api

• Category: Remote access

• Company: Tailscale

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: very rare

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - tskey-scim-

Examples

- text: "+TAILSCALE_SCIM_KEY = 'tskey-scim-k1HrMT4FkgX7-DkZMwZ89v77AkJCVCBgxiTvUAfAGmISiG'"
  apikey: tskey-scim-k1HrMT4FkgX7-DkZMwZ89v77AkJCVCBgxiTvUAfAGmISiG

# Fat-fingered secret
- text: Xtskey-scim-k1HrMT4FkgX7-DkZMwZ89v77AkJCVCBgxiTvUAfAGmISiG
  apikey: tskey-scim-k1HrMT4FkgX7-DkZMwZ89v77AkJCVCBgxiTvUAfAGmISiG