- Allow users to request just-in-time access to Twingate groups and resources from the web and Slack
- Set the right resource owners to delegate approvals to those with the most context
- Configure day-one access to Twingate resources with groups from your identity provider
- Automatically escalate and revoke privileged access based on on-call schedules, e.g., PagerDuty or Opsgenie
Supported resources
| Resource | Read | Grant and revoke access | Available in Risk Center |
|---|---|---|---|
| Twingate Groups | ✔️ | ✔️ | ✔️ |
| Twingate Resources | ✔️ | ✔️ | ✔️ |
Requirements
- You must be an Opal admin.
- You must be a Twingate admin with the ability to generate API tokens.
1. Generate a Twingate API token
- Log in to the Twingate Admin Console.
- Go to Settings > API.
- Click Generate Token.
- Copy the token and store it securely. The token is only displayed once.
2. Create a Twingate app in Opal
- In Opal, go to Inventory, click + App, and select Twingate.
- Fill in the following fields:
| Field | Value |
|---|---|
| App admin | The team or user that should manage the Twingate app in Opal. |
| Description | Let your end users know what they’re requesting access to. |
| Twingate network | Your Twingate network name. This is the subdomain of your Twingate URL (e.g., mycompany for mycompany.twingate.com). |
| Twingate API token | The API token you generated in Step 1. |
- Click Create. Opal validates the credentials by connecting to your Twingate network.
3. Import Twingate resources
After creating the app, import groups and resources from Twingate into Opal:- Go to your Twingate app in Inventory.
- Select … > Import items.
- Choose the groups and resources you want to manage through Opal.
User provisioning
Opal can automatically provision and deprovision users in Twingate. When provisioning is enabled, users who don’t already have a Twingate account are automatically created when they are granted access to a Twingate group or resource. Deprovisioning removes users from Twingate when their access is revoked. To configure user provisioning:- Go to your Twingate app in Inventory.
- Select Setup > Edit.
- Under Provision Twingate users, select Provision Twingate users to enable automatic user creation.
- Under Deprovision Twingate users, select Deprovision Twingate users to enable automatic user removal.
- Click Save.