I gave up and just setup wireguard directly instead, I don't trust Tailscale either if that's their attitude towards privacy, it's permanently marred my vision of their product.
https://tailscale.com/kb/1013/sso-providers/
> Tailscale works on top of the SSO/IDP/IAM identity provider you or your company already use.
> We don’t support sign-up with email addresses. By design, Tailscale is not an identity provider: there are no Tailscale passwords.
> Using an identity provider is not only more secure than email and password, but it allow us to automatically rotate connection encryption keys, follow security policies set by your team (e.g., 2FA), and more.
You can BYO SAML provider if you like, you'll just have to pay for it: https://tailscale.com/kb/1119/sso-saml-oidc
They don't even give the option to try to debug my own identity provider.
aka the BYO SAML feature does not exist for personal or small team/business users.
But maybe that's the point? TailScale's product is actually an identity integration layer for Wireguard? If you don't need an identity provider, Tailscale doesn't add value over Wireguard?