Teleport
Introduction to Teleport
Version preview- Older Versions
Teleport is the easiest and most secure way to access and protect all your infrastructure.
The Teleport Access Platform is a suite of software and managed services that delivers on-demand, least-privileged access to infrastructure on a foundation of cryptographic identity and Zero Trust, with built-in identity security and policy governance.
Use cases
Organizations use the Teleport Access Platform to:
- Eliminate infrastructure and access silos: Teleport provides a single system for role-based access controls, audit, and access for all of your infrastructure, from cloud provider APIs to Kubernetes clusters.
- Introduce Zero Trust with theft-resistant credentials: Teleport authenticates access to all of your infrastructure with short-lived certificates, verified at every endpoint. You can roll out a Zero Trust strategy for your organization by setting up Teleport alone.
- Address complex compliance needs: Teleport allows you to satisfy compliance frameworks like SOC 2, ISO 27001, and FedRAMP with no need for additional tooling or process changes.
Products
The Teleport Access Platform consists of three products:
- Teleport Access provides on-demand, least privileged access, on a foundation of cryptographic identity and Zero Trust.
- Teleport Identity hardens your infrastructure with identity governance and security.
- Teleport Policy unifies and controls access policies across all of your infrastructure.
Teleport Access
Teleport Access provides Zero Trust connectivity to all of your infrastructure. You can enable users to access servers, databases, and other infrastructure components over the public internet, even if those components are protected behind a firewall.
All infrastructure resources belong to a unified inventory, with a single role-based access controls system to allow for least-privilege access. You can enable users to authenticate to resources using Single Sign-On providers like Okta, and Teleport itself can act as an identity provider for external services. Connectivity takes place through short-lived credentials that Teleport components verify through strong cryptographic techniques.
Get started with Teleport Access:
- Enroll resources to protect with Teleport using cryptographic identity.
- Set up passwordless authentication to enable users to access resources with hardware keys, including biometric credentials like Touch ID and YubiKey Bio.
- Integrate your Single Sign-On provider: Allow users to access infrastructure resources with IdPs like Okta.
- Use Teleport as an identity provider to authenticate to external services.
- Issue and govern identities for automated systems using Machine ID.
Teleport Identity
Teleport Identity is an add-on to Teleport Access that offers identity governance and security for all of your infrastructure. You can provide users with less-privileged roles by default, requiring any user who wants additional permissions to request them for a limited time. This approach leaves no permanent admin roles for attackers to target.
As an additional layer of protection against phishing and exfiltration, you can restrict access to users with trusted devices. And during active security incidents, you can lock down specific users, roles, infrastructure resources and more, letting you contain the security incident with minimal disruption. An audit log provides visibility into access patterns, so you can identify weak restrictions and potential security breaches.
Get started with Teleport Identity:
- Access Requests: Temporarily provision minimal privileges to complete a task.
- Access Lists: Regularly audit and control membership to specific roles and traits, which then tie easily back into Teleport's existing RBAC system.
- Device Trust: Require an up-to-date, registered device for each authentication by giving every device a cryptographic identity.
- Session & Identity Locks: Lock suspicious or compromised identities and stop all their activity across all protocols and services.
- Access Monitoring: Detect overly broad privileges and inspect sessions that are not using strong protection, such as multi-factor authentication and Device Trust.
Teleport Policy
Teleport Policy unifies and controls access policies across all your infrastructure. With Teleport Policy’s Access Graph feature, you gain insights into role-based access control policies within Teleport, your cloud providers, and critical infrastructure.
- Get started with Teleport Policy.
- Define Crown Jewels so you can track changes to your most sensitive users and resources.
- Enable Teleport Policy integrations so you can identify insecure SSH key distributions, and import RBAC rules from AWS, Entra ID, and other sources to visualize your entire RBAC configuration in on a single screen.
Architecture
The Teleport Access Platform consists of a certificate authority and identity-aware access proxy that run either on the Teleport-managed cloud or, in special cases, a self-hosted private network.
Teleport Agents, which can run on Linux servers or Kubernetes, proxy access to infrastructure resources and cloud provider APIs. Users authenticate to infrastructure resources through Teleport Agents using short-lived certificates. Certificates embed Teleport user attributes, allowing Teleport Agents to enforce role-based access controls.
Learn more: