The Open Infrastructure Access Platform

The easiest, most secure way
to access all your infrastructure.


What is Teleport?

The open source access platform used by DevSecOps teams for SSH, Kubernetes, databases, internal web applications and Windows. Teleport prevents phishing by relying on biometrics and machine identity, stops attacker pivots with the Zero Trust architecture, is compatible with everything you have, comes as a cloud service or a self-hosted option and doesn't get in the way of an engineer's productivity.


Why Teleport

Complexity + Scale = Risk

breaches due to shared secrets

of organizations still use shared secrets as their main access method

are not confident ex-employees don't have access to company infrastructure

Dynamic inventory of everything you have

Teleport provides an automated and holistic view of all privileged infrastructure resources within your organization. This eliminates access silos, protects from impersonation attacks and provides a single place to manage policy.

Trusted infrastructure

Self-updating inventory of privileged resources: servers, cloud instances, databases, Kubernetes clusters, and internal webapps.

Trusted client devices

Inventory of enrolled TPM-equipped client laptops, workstations, YubiKeys and other phishing-resistant MFA devices.

Worldwide view

The inventory supports IoT devices, multiple clouds, on-premise environments and the private environments of your clients.

Screenshot of inventory view

Secretless access to everything

Secrets such as passwords, private keys, and browser cookies are the #1 source of data breaches. They are vulnerable to phishing attacks, credential sharing, theft, client device loss and other forms of human error. Teleport doesn’t use secrets.

Biometrics for humans

Phishing-resistant MFA and passwordless authentication supporting Touch ID, YubiKey Bio and other supported devices.

Machine Identity

No more private host keys. Embrace strong machine identities for service accounts, CI/CD automation and microservices. Teleport Machine ID can be hardened by HSM or virtual HSM.

Short-lived certificates

Built-in certificate authority issuing X.509 and SSH certificates for all resources, including legacy systems. Teleport’s PKI is fully automated and requires no manual management.

Graphic of an id card, access key and fingerprint

One place to manage all privileges

Break access silos. Consolidate privileges for humans and machines across all protocols and resource types in one place. Lower the operational overhead of managing access and enforcing policy.

Access requests

Implement the principle of least privilege: a client is temporarily granted only the minimal privileges needed to complete the task at hand.

Dual authorization

FedRAMP AC-3 and other compliance frameworks such as SOC 2 require that highly privileged actions be approved by multiple authorized team members.
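The access-request and dual-authorization behaviour described above, as an added illustrative model (not Teleport’s own code; the AccessRequest class, the reviewer set, the two-approver threshold and the one-hour TTL are assumptions). It shows a temporary elevation that takes effect only after two distinct authorized reviewers approve, rejects self-approval, closes on a single denial, and expires back to the base roles:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional
# Added illustrative model, not Teleport's implementation: a just-in-time access
# request that grants extra roles only after N distinct reviewers approve, for a limited time.
@dataclass
class AccessRequest:
    requester: str
    roles: tuple                  # roles requested, e.g. ("dba",)
    approve_threshold: int = 2    # dual authorization: two approvers needed
    ttl: timedelta = timedelta(hours=1)
    approvals: set = field(default_factory=set)
    denied: bool = False
    granted_at: Optional[datetime] = None

    def review(self, reviewer: str, approve: bool, reviewers: set, now: datetime) -> str:
        if reviewer == self.requester:
            raise PermissionError("a requester may not review their own request")
        if reviewer not in reviewers:
            raise PermissionError(f"{reviewer} is not an authorized reviewer")
        if self.denied or not approve:
            self.denied = True        # a single denial closes the request for good
            return "denied"
        self.approvals.add(reviewer)  # a set: repeat approvals by one person count once
        if len(self.approvals) >= self.approve_threshold and self.granted_at is None:
            self.granted_at = now
        return "approved" if self.granted_at else "pending"

    def effective_roles(self, base_roles: set, now: datetime) -> set:
        # Elevation applies only inside its TTL window; afterwards back to least privilege.
        if self.granted_at is None or now >= self.granted_at + self.ttl:
            return set(base_roles)
        return set(base_roles) | set(self.roles)

def run_scenario() -> dict:
    # Constructed scenario: alice asks for "dba"; bob and carol are the reviewers.
    reviewers = {"bob", "carol"}
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    req = AccessRequest(requester="alice", roles=("dba",))
    out = {}
    try:
        req.review("alice", True, reviewers, t0)
        out["self_review_blocked"] = False
    except PermissionError:
        out["self_review_blocked"] = True
    out["after_one"] = req.review("bob", True, reviewers, t0)
    out["after_two"] = req.review("carol", True, reviewers, t0)
    out["roles_during"] = req.effective_roles({"dev"}, t0 + timedelta(minutes=30))
    out["roles_after_expiry"] = req.effective_roles({"dev"}, t0 + timedelta(hours=2))
    return out
```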

Session sharing and moderation

An interactive session can contain multiple simultaneous clients. Highly privileged sessions can be configured to always include a moderator to prevent a single client from being a point of failure.

Access request terminal

True Zero Trust

Move away from network-based perimeter security and prevent attackers from pivoting. Teleport implements Zero Trust on the application level, enforcing authentication and encryption natively for all protocols.

Zero network exposure

Critical infrastructure resources do not need to listen on the network. They are accessed via encrypted reverse tunnels to the Teleport identity-aware proxy.

Universal connectivity

Manage access to remote devices running on third-party networks behind NAT, with latency-optimized routing.

Trust federation

Multiple organizations can manage trust across teams and securely access shared infrastructure via role mapping.

Teleport identity aware proxy diagram

Consolidated visibility and audit

Collect all security events generated by humans and machines across your entire infrastructure in one place and export them to any SIEM or threat detection platform for further analysis.

Rich Audit Logs

Security logs are collected on the application level, giving you rich protocol-native context for what happened and who’s responsible.

Session recordings

Interactive sessions for all protocols are recorded and can be replayed in a YouTube-like interface.

Real-time live sessions

See what is happening with every active authenticated connection across all resources in your entire infrastructure. Intervene if needed.

Terminal window with SQL query and window with Json data

Cloud-native privileged access management

Modern cloud-native infrastructure is elastic, ephemeral and automated with code. Teleport is designed to natively fit into the modern DevOps workflow.

Policy as code

Extend Teleport access approval workflows with code, using a programming language you’re familiar with.

Flexible login rules

Customize the SSO flow with configurable login rules and role templates.

DevOps integrations

Approve access requests using the tools you already have, such as Slack, PagerDuty and others. This allows security teams to approve or deny requests quickly and avoids frustration for engineers who need to get the job done.

Example window of an access request with python code

Why Use Teleport

Before and after Teleport

Before Teleport

Without Teleport, engineers must access infrastructure using an insecure and cumbersome mix of VPNs, bastions, secrets and legacy PAM solutions, each with its own access control and audit layer. Visibility is minimal and the risk of error is high. Controlling permissions for services connected to your infrastructure is just as complex.

After Teleport

With Teleport, every connection across your global infrastructure passes through Teleport’s Identity-Aware Access Proxy where it is authenticated and authorized based on human or machine identity. Because engineers and services are treated the same, you have complete visibility and control over every connection without managing different access control systems. And because Teleport bases authn/z on identity instead of static credentials like keys and passwords, it is more secure, cost effective to scale and easier to use.

Before Teleport diagram
After Teleport diagram

Works with everything you have

Teleport integrates with over 170 cloud-based resources

Our vision for Teleport Terminal is to become the universal user interface for everything in the cloud. Below is the list of the resources it supports, and we’ll be adding new protocols quickly:

...and many more

# on a client
$ tsh login

# on a server
$ apt install teleport

# in a Kubernetes cluster
$ helm install

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.

  1. The tsh client allows users to log in and retrieve short-lived certificates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.

Try Teleport today

In the cloud, self-hosted, or open source.