I only do self-hosted options, so it might be a while before I really tinker with WireGuard. I've looked into setting it up, but it does not meet my needs today for dynamic mesh routing and requires much of the system configuration of OpenVPN or strongSwan, albeit simpler configuration, but the same concepts still apply.

My preferred ideal dream setup would be if the Tinc open source VPN had integration with OpenLDAP for ID management and could leverage WireGuard for speed. I am not a proper developer, so I can only wish for such a thing or maybe pay someone to make this. Tinc has awesome user-space dynamic mesh routing but lacks user management and is slow compared to strongSwan/OpenVPN. WireGuard is fast. OpenLDAP can back-end ID management for just about anything, especially when combining it with OAuth/SAML, and can be integrated into just about anything, and that works for me because I am a fan of decentralized and/or distributed systems.

[1] - https://www.tinc-vpn.org/

Sounds like you are looking for a self-hosted ZeroTier or Tailscale.

It does not appear that Tailscale is an identity provider but rather integrates into commercial ID providers? Do they integrate into OpenLDAP or into OAuth/SAML providers that are in front of OpenLDAP?

[Edit] Answering my own question. Custom SAML providers are only supported with the Enterprise edition. [1]

[1] - https://tailscale.com/kb/1119/sso-saml-oidc/

Take a look at Headscale if you want to self-host. https://github.com/juanfont/headscale