Compare · vs Twingate

Zero-trust proxy vs identity-rooted overlay.

Twingate is an excellent zero-trust remote-access product: a per-application proxy gated by an IdP. Beacons is a peer-to-peer mesh with identity and policy at every node. They solve adjacent problems and you can run both.

Different shape

Twingate uses connectors at protected resources and clients on users' devices, with traffic relayed through the Twingate control plane. There is no overlay — there is a tunnel per application.

Beacons is a peer-to-peer overlay where every peer is a first-class node in the mesh, with addressable identity and routable virtual IP.

Identity

Twingate identity is rooted in your corporate IdP — Okta, Azure AD, Google Workspace.

Beacons identity is `did:oas`, with optional federation to corporate IdPs at the human-root layer. Agents and machines do not need an IdP account.

When Twingate is the right call

If your problem is 'a workforce of humans needs to access a small set of internal applications, with strong IdP integration', Twingate is excellent. If your problem also includes 'and a fleet of agents and IoT devices need to be peers,' you will want Beacons next to it.

Open a fleet

The mesh that fits agents and humans.

A `did:oas`-rooted private mesh that ships peer configurations to any device, anywhere, by policy — not by hand.

Open consoleRead the quickstart