diff --git a/lib/auth/tun.go b/lib/auth/tun.go
index 3de5ae6a21232..c66ed0c8ae649 100644
--- a/lib/auth/tun.go
+++ b/lib/auth/tun.go
@@ -42,7 +42,7 @@ import (
 // dialRetryInterval specifies the time interval tun client waits to retry
 // dialing the same auth server
-const dialRetryInterval = time.Duration(time.Millisecond * 50)
+const dialRetryInterval = 100 * time.Millisecond
 // AuthTunnel listens on TCP/IP socket and accepts SSH connections. It then establishes
 // an SSH tunnell which HTTP requests travel over. In other words, the Auth Service API
@@ -621,7 +621,7 @@ func (c *TunClient) GetDialer() AccessPointDialer {
 if err == nil {
 return conn, nil
 }
- time.Sleep(dialRetryInterval * time.Duration(attempt))
+ time.Sleep(4 * time.Duration(attempt) * dialRetryInterval)
 }
 log.Error(err)
 return nil, trace.Wrap(err)
diff --git a/lib/service/service.go b/lib/service/service.go
index 35afbd7489865..cf10e9e829ae7 100644
--- a/lib/service/service.go
+++ b/lib/service/service.go
@@ -66,6 +66,8 @@ const (
 // TeleportExitEvent is generated when someone is askign Teleport Process to close
 // all listening sockets and exit
 TeleportExitEvent = "TeleportExit"
+ // AuthIdentityEvent is generated when auth's identity has been initialized
+ AuthIdentityEvent = "AuthIdentity"
 )
 // RoleConfig is a configuration for a server role (either proxy or node)
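Review bot: In `GetDialer` the wait is now `4 * time.Duration(attempt) * dialRetryInterval`, but the comment on `dialRetryInterval` in the first hunk still describes the constant as the interval the client waits before redialing, which is off by a factor of `4 * attempt`. I would reword it along the lines of `// dialRetryInterval is the base unit of the dial backoff; the wait after attempt n is 4 * n * dialRetryInterval` and give the `4` a name. The sleep is also the last statement of the loop body, so it appears to run after the final failed attempt too, delaying the `log.Error(err)` / `trace.Wrap(err)` path for no benefit; the loop header is outside the hunk, so check this against the loop bounds. Every client of an auth server follows the same deterministic schedule, so a little jitter would keep them from redialing in lockstep after an auth restart.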
@@ -330,23 +332,35 @@ func (process *TeleportProcess) initAuthService(authority auth.Authority) error
 auth.SetLimiter(limiter),
 )
 if err != nil {
- utils.Consolef(cfg.Console, "[PROXY] Error: %v", err)
+ utils.Consolef(cfg.Console, "[AUTH] Error: %v", err)
 return trace.Wrap(err)
 }
 if err := authTunnel.Start(); err != nil {
 if askedToExit {
- log.Infof("[PROXY] Auth Tunnel exited")
+ log.Infof("[AUTH] Auth Tunnel exited")
 return nil
 }
- utils.Consolef(cfg.Console, "[PROXY] Error: %v", err)
+ utils.Consolef(cfg.Console, "[AUTH] Error: %v", err)
 return trace.Wrap(err)
 }
 return nil
 })
- // Heart beat auth server presence, this is not the best place for this
- // logic, consolidate it into auth package later
- var authClient *auth.TunClient
+ process.RegisterFunc(func() error {
+ // Heart beat auth server presence, this is not the best place for this
+ // logic, consolidate it into auth package later
+ connector, err := process.connectToAuthService(teleport.RoleAdmin)
+ if err != nil {
+ return trace.Wrap(err)
+ }
+ // External integrations rely on this event:
+ process.BroadcastEvent(Event{Name: AuthIdentityEvent, Payload: connector})
+ process.onExit(func(payload interface{}) {
+ connector.Client.Close()
+ })
+ return nil
+ })
+
 process.RegisterFunc(func() error {
 srv := services.Server{
 ID: process.Config.HostUUID,
@@ -389,7 +403,6 @@ func (process *TeleportProcess) initAuthService(authority auth.Authority) error
 process.onExit(func(payload interface{}) {
 askedToExit = true
 authTunnel.Close()
- authClient.Close()
 log.Infof("[AUTH] auth service exited")
 })
 return nil
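Review bot: `process.BroadcastEvent(Event{Name: AuthIdentityEvent, Payload: connector})` hands the connector obtained with `teleport.RoleAdmin` to every subscriber of the event, and neither the constant's comment nor the call site says what the payload is or who owns it. Because the `onExit` callback closes `connector.Client`, a subscriber that retained the payload can be left holding a closed client, and any in-process code able to wait on the event receives what looks like an admin-scoped auth client. I would document the contract on the constant, e.g. `// AuthIdentityEvent is generated when auth's identity has been initialized; Payload is the process-owned RoleAdmin connector, which subscribers must not close or retain past exit`, and consider whether integrations need the full connector rather than a narrower value. The moved `// Heart beat auth server presence ...` comment now sits above the connect call, while the heartbeat code appears to be in the following `RegisterFunc` (which, like `initAuthService` itself, continues outside the hunk), so the comment belongs there. If `connectToAuthService` fails the event is never broadcast; whether waiters then block depends on code not shown here.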