There’s an open source project called headscale (not written by or officially supported by tailscale’s team, but we like it) which you can point tailscale’s clients at. Then your whole system is open source. You can also avoid using a central IdP that way, if that’s what you want. (I strongly recommend caution about that, if you want good security. I know it’s not popular to say so on HN, but most people running their own IdP will do it less securely than one of the big providers. It’s a very hard job, akin to running a root CA.)
Btw, there is no IdP support in Headscale. You need to have access to the machine where you are running it, and use the CLI to register your machines (or use an authkey, ofc).