Basic understanding of product

Hello there!

I am looking for a nice VPN solution for my small firm. Been doing a research on the internet, and tried all top-ranked solutions (which I don’t want to name here, not to be accused of some hidden advertising of competition). Now, it’s time for me to try Twingate, before I decide which one I want to use.

I started from sign-up, as with every other product (mentioned here as ‘try for free’), and here is where my first issue appeared. I was asked to sign-up with one of the IdPs, instead of providing my work e-mail. A bit surprising - anyone can explain why it works this way? And what if I did not have, or did not want to share my personal, gmail/ms/li account? Isn’t it possible just to sign-up with my work mail?

Second interesting thing is sign-in. When I finally finished sign-up (where I was in the end asked to specify my work e-mail), I wanted to sign-in. And, again, after typing my Network Name, I am left only with choice to sign-up with Google/microsoft/GitHub/LinkedIn. How do I sign-in with my account, which I created? The same story seems to go for other people - I invited my colleague, who will be an admin, and I asked him to login to the panel. And he faces the same story - he puts my Network Name, and he is given the choice to sign-in with one of 4 above, which I completely do not understand. Why he cannot sign-in with the e-mail, I used for his invitation?

The same goes for product usage, in fact. My colleague got an invitation e-mail, and information that he shall now donwload the software and join the Network. So he did, after typing the network in the app, and clicking on ‘Join the Network’, his browser opens and he is asked to sign-in with one of 4 above accounts. Why not with his account, which I created for him? What the heck…

Also, I don’t understand user management. I added the user, my colleague received invitation, but still the user in the panel is marked as ‘Pending’ (in Status column). Pending what exactly? Joining the network? This is where user gets ‘enabled’?

I did not go any further, but even the above seems to be very complicated, and not logical. Is there anyone who is willing to explain things to me, or direct me to proper documentation that explains this? Would be very grateful.

Thank you in advace!

Hi Adam,

Twingate delegates authentication to an IdP. When you sign in, Twingate uses the email associated with your IdP account to sign you into a user with the same email. In that sense, you are signing with a specific email but the email you’re using to sign in with is determined by your IdP. For example, when I sign in to Twingate with my Google account, I’m logging in to the user in my Twingate network.

With many deployments, you’ll likely choose to use a specific IdP like Okta or Google Workspace. That might make things a bit easier since once that’s set up, you’ll always use Okta or Google Workspace to sign in. You can read more about IdPs and Twingate in our documentation.

You make a really good point here that when a user is signing in, it’s unclear what Twingate user they’re signing in to. That’s extra important for an invited user who might not know which IdP to pick because they don’t know which IdP has the right email for their new account.

How could we make the sign in process better for you?

As for “Pending” - it just means a user hasn’t authenticated yet. Once a user authenticates for the first time, they’ll become “Active”.

Let me know if you have any more questions, I’m happy to answer them.