Teleport Access Plane

Teleport Server Access

Consolidate identity-based server access across all environments, meet compliance requirements, and have complete visibility into access and behavior.

For DevSecOps

Easily secure your servers using security best practices

Teleport delivers industry best practices for SSH access for engineers and service accounts with minimal configuration. Easily enforce MFA, RBAC, and SSO using identity-based short-lived certificates and leave SSH keys behind.

Certificate-based access

Certificate-centric design enables Teleport to deliver SSO, RBAC, per-session MFA, and other modern security best practices for SSH access.

Machine ID

Extend identity-based access to IT infrastructure and applications with Teleport Machine ID. It's the easiest way to issue, renew and manage SSH certificates for CI/CD automation, configuration management and other services that need SSH access.

Access requests

Move away from root accounts with just-in-time SSH privilege escalation for administrative tasks. Access requests can be approved via Slack or other supported plugins.

For compliance-minded engineers

Meet compliance requirements

Teleport was designed to continuously maintain compliance and pass audits with minimal configuration. The supported standards include SOC 2, FedRAMP, HIPAA, ISO 27001, PCI and more.

Advanced authorization

Use the authorization mechanism best suited for your compliance requirements such as RBAC, per-session MFA, and dual authorization for privileged operations. Even machine users are subject to authorization with Teleport.

FIPS mode

Avoid human errors using Teleport FIPS mode, which rejects configuration options unless they are compliant with FIPS 140-2, also known as the Federal Information Processing Standard.

Session controls

Implement moderated sessions and enforce concurrent session restrictions, proactive session termination, and identity locking across your entire infrastructure footprint.

For developers

Access that doesn't get in the way

Designed for cloud-native workloads across multiple environments, Teleport works with existing CI/CD solutions, in a terminal, and in a browser. SSH permissions are always in sync with other layers of your stack, removing the need to juggle shared secrets or hop between VPNs and multiple access points.

Live server inventory

With a real-time inventory of all your Linux servers in the cloud, on-prem, or edge, resource discovery and maintenance are easy.

Shared sessions

See all live interactive SSH sessions across your entire fleet. Easily join another user’s session for pair programming or debugging.

Access as code

Automate access provisioning and access request approvals using your favorite programming language.

For security professionals

Complete visibility into access and behavior

Teleport provides a live view and an audit log for server sessions, filesystem changes, data transfers, command executions, and other security events, making it easy to see what’s happening and who is responsible.

Session recording

Every interactive session by an engineer or service account is recorded for future replay and can be analyzed by other tools for behavior anomalies.

Unified audit log

Consolidate all security events across all environments in a single source of truth for engineers and service accounts and export them into a SIEM solution of your choice.

Kernel-level logging

Teleport offers enhanced session recordings based on BPF events so every system call during an SSH session by an engineer or service account can be audited.

Machine-to-machine access

Give an identity to all your microservices, CI/CD automation, and service accounts

Machine ID dramatically simplifies secure machine-to-machine access via SSH and X.509 certificates with access controls and audit built in.

Manage machine users at scale

Teleport Machine ID vastly simplifies certificate management for IT infrastructure and applications, just like Let’s Encrypt simplified TLS certificate management for websites.

Unified identity for developers & machines

Teleport Machine ID unifies access policies for people and machines, reducing operational overhead and increasing security and compliance.

Reduce supply chain attack impact

Teleport Machine ID automatically implements least privilege for all machine users so you don’t have to worry about a compromised service taking over your infrastructure.

Teleport Connect

Developer-friendly browser for cloud infrastructure

Traditional terminals are optimized for accessing localhost. Teleport Connect offers enhanced user experience and identity-based access for engineers who work in the cloud.

Cloud-optimized user experience

Teleport Connect makes it feel as if all your cloud resources, such as thousands of SSH servers, Kubernetes clusters, databases, code repositories and Grafana dashboards, are running on your laptop.

Identity-based security

When you access infrastructure using a traditional terminal, you inherit the identity of the localhost account and use disjointed combinations of config files, passwords and keys to access remote resources. Teleport Connect leaves passwords behind, inherits your identity from SSO and uses it for everything.

  • Awin

    Teleport makes it easy for us to access our on-prem Linux servers taking advantage of our SSO (single sign on) solution through a single access point. And, because Teleport uses short-lived certs, we avoid all of the overhead that comes with key management.

    Marcos Cherem

    Head of IT Operations, Awin

Works with everything you have

Teleport Server Access is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID Connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack and is fully compatible with OpenSSH and other SSH-based tooling.

Amazon, Google Cloud, Azure, Linux, Windows, Chef, Okta, Active Directory, Puppet, OneLogin, Kubernetes, Ansible

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.
  1. The tsh client allows users to log in to retrieve short-lived certificates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.

# on a client
$ tsh login --proxy=example.com

# on a server
$ apt install teleport

# in a Kubernetes cluster
$ helm install

Try Teleport today

In the cloud, self-hosted, or open source