Support the ability to create "Application Groups" of associated resources

Hi,

We have been successfully using Twingate for a while now, and due to the nature of our business we are tight on security, something that factored into our choice of Twingate as a secure remote access solution. However, this also means that we have collated a significant number of resources across our remote networks (100s), and on a lot of occasions we need to create multiple DNS resources to allow access to a specific product, for example something like Azure Synapse Workspace or Azure Machine Learning. Without digging into the weeds of either of these services, but as an example, a specific Synapse workspace consists of:

  • A workspace instance with 4 unique endpoints (myinstancename_dev_azuresynapse_net, myinstancename-sql_sql_ondemand-azuresynapse_net)
  • Storage Accounts (myinstancename_blob_core_windows_net)
  • Key Vault (myinstancename_vault_azure_net)

All of the above are needed for fully functioning access.

My feature request would allow the resources created for the above to work to be either:

  • Add to some sort of group that would allow them to be assigned to security groups or networks as a single set of resources, e.g. “Azure Synapse (myinstancename)”
  • Apply tags to resources that can be used to dynamically associate resources with the same tag to a security group or remote network.

We are finding that internal support tickets are being raised due to access issues that typically relate to missing one of several mandatory resources for a service such as Synapse.

Would others find such a feature useful? It would be a game changer for us and how easily and consistently we manage resources and access.

Hi Phil, love to hear that Twingate has been working well for you.

We’ve been looking into ways to make managing a large number of resources easier. If you were able to group Resources together and have them share the same security groups and live in the same network, would that solve most of the issues you’ve been running into? If not, what would you need to close the gap? What else would help?

Would love to hear more about any other organizational tools you think would help you better manage resources!

Hi,

I see 2 benefits to having this sort of feature:

  1. Separation of responsibility - It would allow a member of an Ops team to manage the creation of resources within the admin console, but also manage the creation of a “resource collection” that holistically represents an “application” or a “service”. The Ops team could then delegate the ability to assign that “resource collection” to security groups to other teams, possibly even restricting the ability to directly assign resources to groups.

  2. Simplification of management - Once “resource collections” are created and configured, all management of access becomes cleaner; additionally, any changes to the resource required for an “application” or “service” require a single modification or addition. With the use of the APIs it would also be easier to look for ways to automate access control management through internal service support tools such as ServiceNow, ZenDesk, FreshService etc. or via a more custom integration.

This would help significantly, noting that whenever we receive a support request that mentions not being able to connect to something, our first triage comment is “Someone check the Twingate resource assignment” and for new configurations this generally is where something was missed.

We are using Twingate exclusively with Azure hosted resources and would be very interested in any form of integration that could further integrate Twingate connectors/resources/groups/collections with Azure:

  • Allowing tighter alignment with Azure RBAC (role-based access control) beyond the current options within SCIM
  • Allowing Azure resource tags to control resource management within the Twingate console

Regards

Phil