The easiest, most secure way to access all your infrastructure.
The open source access platform used by DevSecOps teams for SSH, Kubernetes, databases, internal web applications and Windows. Teleport prevents phishing by relying on biometrics and machine identity, stops attacker pivots with a Zero Trust architecture, is compatible with everything you have, comes as a cloud service or a self-hosted option, and doesn't get in the way of an engineer's productivity.
[Illustration: a Teleport inventory showing reverse tunnels from regions us-west-1, sa-east-1, us-west-2, eu-west-1 and us-east-1; databases (RDS PostgreSQL, self-hosted MongoDB, GCP SQL Postgres, self-hosted CockroachDB, self-hosted MySQL) labelled by environment; and Windows hosts Prod, Dev, Bizops and Sys.]
Teleport provides an automated and holistic view of all privileged infrastructure resources within your organization. This eliminates access silos, protects from impersonation attacks and provides a single place to manage policy.
Self-updating inventory of privileged resources: servers, cloud instances, databases, Kubernetes clusters, and internal webapps.
Inventory of enrolled TPM-equipped client laptops, workstations, Yubikeys and other phishing-resistant MFA devices.
The inventory supports IoT devices, multiple clouds, on-premise environments and the private environments of your clients.
Secrets such as passwords, private keys and browser cookies are the #1 source of data breaches. They are vulnerable to phishing attacks, credential sharing, theft, client device loss and other forms of human error. Teleport doesn't use secrets.
Phishing-resistant MFA and passwordless authentication supporting Touch ID, YubiKey Bio and other supported devices.
No more private host keys. Embrace strong machine identities for service accounts, CI/CD automation and microservices. Teleport Machine ID can be hardened by HSM or virtual HSM.
Built-in certificate authority for X.509 and SSH certificates for all resources, including legacy systems. Teleport PKI infrastructure is fully automatic and does not require management.
Break access silos. Consolidate privileges for humans and machines across all protocols and resource types in one place. Lower the operational overhead of managing access and enforcing policy.
Implement the principle of least privilege: a client is temporarily granted only the minimal privileges needed to complete the task at hand.
FedRAMP AC-3 and other compliance frameworks such as SOC 2 require that highly privileged actions be approved by multiple authorized team members.
An interactive session can contain multiple simultaneous clients. Highly privileged sessions can be configured to always include a moderator to prevent a single client from being a point of failure.
Move away from network-based perimeter security and prevent attackers from pivoting. Teleport implements Zero Trust on the application level, enforcing authentication and encryption natively for all protocols.
Critical infrastructure resources do not need to listen on the network. They are accessed via encrypted reverse tunnels to Teleport's identity-aware proxy.
Manage access to remote devices running on third-party networks behind NAT with latency-optimized routing.
Multiple organizations can manage trust across teams and securely access shared infrastructure via role mapping.
Collect all security events generated by humans and machines across your entire infrastructure in one place and export them to any SIEM or threat detection platform for further analysis.
Security logs are collected on the application level, giving you rich protocol-native context for what happened and who’s responsible.
Interactive sessions for all protocols are recorded and can be replayed in a YouTube-like interface.
See what is happening with every active authenticated connection across all resources in your entire infrastructure. Intervene if needed.
Modern cloud-native infrastructure is elastic, ephemeral and automated with code. Teleport is designed to natively fit into the modern DevOps workflow.
Extend Teleport access approval workflows with code, using a programming language you're familiar with.
Customize the SSO flow with configurable login rules and role templates.
Approve access requests using the tools you already have, such as Slack, PagerDuty and others. This allows security teams to approve or deny requests quickly and avoids frustration for engineers who need to get the job done.
Without Teleport, engineers must access infrastructure using an insecure and cumbersome mix of VPNs, bastions, secrets and legacy PAM solutions, each with its own access control and audit layer. Visibility is minimal and the risk of error is high. Controlling permissions for services connected to your infrastructure is just as complex.
With Teleport, every connection across your global infrastructure passes through Teleport's Identity-Aware Access Proxy, where it is authenticated and authorized based on human or machine identity. Because engineers and services are treated the same way, you have complete visibility and control over every connection without managing different access control systems. And because Teleport bases authentication and authorization on identity instead of static credentials like keys and passwords, it is more secure, more cost-effective to scale and easier to use.
# on a client
$ tsh login --proxy=example.com

# on a server
$ apt install teleport

# in a Kubernetes cluster
$ helm install
Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.
Teleport consists of just two binaries.