I have a small 3-user environment that I would like to have access a SQL Database. I want to limit access to the SQL Database to just those 3 users (who are at home so don't have fixed IP addresses). How do I whitelist access so access is only granted after they have connected using Twingate? Another way to ask: How do I whitelist authenticated Twingate users, is an IP assigned to Twingate service? (Also does Twingate authenticate using Azure AD?) I have read this article but cannot quite follow it. I guess I need it explained a bit simpler: Whitelisting Traffic to Public Resources | Docs
In this instance, you would need a Twingate connector deployed on the network that can reach the SQL database, either privately or publicly, then you would need to adjust access to that SQL server to only be allowed from the observed IP of that connector.
Once you have that deployed, if you have the hostname or IP of the SQL server defined as a Twingate resource, as long as the users are connected to Twingate, any traffic to that SQL server will route through the connector(s) you have deployed, and be allowed in. Any other traffic would be rejected.
We do allow user auth via Azure AD within our Business tier.
Thanks Arthur. I think this explains it for me. I will follow the Quick Start video keeping this in mind. What is the alternative for auth, is it an internal Twingate authentication on the Free tier? I can perhaps start with that while testing and then go for integrated Azure AD single sign-on later on.