VPN & IT Setup

Twincrest uses Tailscale for secure access from anywhere. Setup takes under 10 minutes, and once you're in, it just runs in the background. Use it any time you're on a network you don't fully trust.

Overview

Tailscale gives every Twincrest device a secure, private address on our internal network — no shared servers, no juggling credentials. You only need to be connected when you're accessing internal tools or working on a network outside your home (airports, coffee shops, hotels, shared offices).

All Twincrest accounts require multi-factor authentication (MFA). We recommend 1Password or Authy as your authenticator — IT can help you set it up during onboarding.

What's covered

Included
  • Tailscale on macOS, Windows, Linux, iOS, Android
  • Single sign-on via Google Workspace
  • MFA enrollment and recovery
  • 1Password Business account
  • Device management via Jamf (Mac) / Intune (Windows)
  • Security training (annual, 30 minutes)
Not included
  • Personal devices that haven't been registered
  • Jailbroken or rooted devices
  • Browser-based VPN extensions

Eligibility

All employees and contractors with access to internal systems must use Tailscale and MFA. Personal devices can be registered through IT, but must pass a security baseline check (disk encryption, OS up to date, screen lock enabled).

How it works

  1. Download Tailscale

    Get it from tailscale.com/download for your OS. It's signed and notarized — accept the system prompts.
  2. Sign in with Google

    Use your @twincrest.org account. You'll be redirected to Google SSO and prompted for MFA.
  3. Approve the device

    IT auto-approves devices that pass the security check. Manual approvals happen within a few hours.
  4. Verify access

    Try opening go/wiki or any internal tool. If it loads, you're set.
  5. Enable always-on (optional)

    In Tailscale settings, enable 'Connect at login' so you never have to think about it again.

Policy details

  • VPN required when: On any non-home network (airports, cafes, coworking)
  • VPN required for: Internal admin tools, prod databases, finance systems
  • Password manager: 1Password Business (provisioned via SSO)
  • MFA: Required on all accounts; backup codes stored in 1Password
  • Device encryption: Required (FileVault on Mac, BitLocker on Windows)
  • Lost device: Report immediately — IT can remote-wipe within 15 min
  • Security training: Annual, 30 min, assigned via BambooHR

FAQ

Do I need VPN at home?

Only for admin tools, prod databases, and finance systems. Day-to-day work (Slack, Google Workspace, Notion) doesn't require it.

Tailscale is acting weird — what do I check first?

Quit and re-open Tailscale. If that doesn't work, restart your machine. If it still fails, post in #it-support with a screenshot of the Tailscale status menu.

Can I use a personal device?

Yes, if it passes the security baseline and you register it with IT. We don't manage personal devices — you keep full control.

What if I'm traveling internationally?

Tailscale works globally. Some countries restrict VPN traffic (China, UAE) — let IT know before you go and we'll send a workaround.