Deploy and Host tsidp on Railway

tsidp is an OIDC / OAuth Identity Provider (IdP) server that integrates with your Tailscale network. It allows you to use Tailscale identities for zero-click authentication into applications that support OpenID Connect as well as authenticated MCP client / server connections.

About Hosting tsidp

To any application that supports a custom auth provider, tsidp presents itself as an IdP just like Google, Entra ID, Okta, etc. After registering a locally hosted or SaaS application with tsidp and configuring tsidp as the auth provider, users authenticating into the app will be redirected to tsidp, their identity verified, and then immediately redirected back.

Common Use Cases

Use tsidp to seamlessly authenticate into internal and external services that support OIDC including: Grafana, Proxmox, open-webui, Salesforce, and others.

Dependencies for tsidp Hosting

• A Tailscale tailnet
• (Optional) A tailscale auth key

Deployment Dependencies

See the application capability section in the tsidp repo for more information on the required tailscale ACL changes to run tsidp.

Why Deploy tsidp on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying tsidp on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.