Twingate was designed from the beginning with security in mind. A key feature of Twingate's design is that no single component can independently make a decision to allow traffic to flow to another component or Resource in your Remote networks. Authorization for user access or data flow is always confirmed with a second component, or even a third, depending on the sensitivity of the decision being authorized. Delegating user authentication to a third-party Identity Provider (IdP) extends that separation of concerns even further, providing an additional layer of security to your Twingate network.
The following guide starts by covering Twingate's architecture and then dives into how Twingate encrypts traffic and guarantees that users can securely access only the Resources they have been authorized to access.
Let's start with Twingate's Architecture Overview before diving into how secure, private connections are established in your Twingate network.