{"slug":"control-ai-access","title":"Control AI access","tags":["tailscale","access-control"],"agent_summary":"Last validated: Apr 9, 2026","trigger_phrases":[],"runnable":false,"markdown":"\r\n# Control AI access\r\n\r\nLast validated: Apr 9, 2026\r\n\r\nAperture by Tailscaleis currently [in alpha](https://tailscale.com/docs/reference/tailscale-release-stages#alpha).\r\n\r\nAperture uses [Tailscale's identity layer](https://tailscale.com/docs/concepts/tailscale-identity) to automatically authenticate users. Control which users can reach the Aperture instance through tailnet access controls, then use Aperture grants to define which models each user or group can access. Aperture is deny-by-default: without grants, users can connect but cannot access any models.\r\n\r\nFor background on how identity and grants work, refer to [How Aperture works](https://tailscale.com/docs/aperture/how-aperture-works).\r\n\r\n[**Control model access** \\\\\r\n\\\\\r\nConfigure Aperture grants to control which models each user or group can access.](https://tailscale.com/docs/aperture/how-to/grant-model-access) [**Grant access to MCP tools** \\\\\r\n\\\\\r\nConfigure Aperture grants to control which MCP tools, resources, and templates users can access.](https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access) [**Set up admin access** \\\\\r\n\\\\\r\nConfigure administrator roles for managing Aperture settings and accessing all user data.](https://tailscale.com/docs/aperture/how-to/set-up-admin-access)\r\n\r\n![Project Logo](https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed)\r\n\r\nAsk AI\r\n\r\nreCAPTCHA\r\n\r\nRecaptcha requires verification.\r\n\r\nprotected by **reCAPTCHA**\r\n","html":"<h1>Control AI access</h1>\n<p>Last validated: Apr 9, 2026</p>\n<p>Aperture by Tailscaleis currently <a href=\"https://tailscale.com/docs/reference/tailscale-release-stages#alpha\">in alpha</a>.</p>\n<p>Aperture uses <a href=\"https://tailscale.com/docs/concepts/tailscale-identity\">Tailscale's identity layer</a> to automatically authenticate users. Control which users can reach the Aperture instance through tailnet access controls, then use Aperture grants to define which models each user or group can access. Aperture is deny-by-default: without grants, users can connect but cannot access any models.</p>\n<p>For background on how identity and grants work, refer to <a href=\"https://tailscale.com/docs/aperture/how-aperture-works\">How Aperture works</a>.</p>\n<p><a href=\"https://tailscale.com/docs/aperture/how-to/grant-model-access\"><strong>Control model access</strong> \\\r\n\\\r\nConfigure Aperture grants to control which models each user or group can access.</a> <a href=\"https://tailscale.com/docs/aperture/how-to/grant-mcp-tool-access\"><strong>Grant access to MCP tools</strong> \\\r\n\\\r\nConfigure Aperture grants to control which MCP tools, resources, and templates users can access.</a> <a href=\"https://tailscale.com/docs/aperture/how-to/set-up-admin-access\"><strong>Set up admin access</strong> \\\r\n\\\r\nConfigure administrator roles for managing Aperture settings and accessing all user data.</a></p>\n<p><img src=\"https://cdn.brandfetch.io/tailscale.com/fallback/lettermark/theme/dark/h/256/w/256/icon?c=1bfwsmEH20zzEfSNTed\" alt=\"Project Logo\"></p>\n<p>Ask AI</p>\n<p>reCAPTCHA</p>\n<p>Recaptcha requires verification.</p>\n<p>protected by <strong>reCAPTCHA</strong></p>\n"}