
Teleport vs. CyberArk

Companies evaluating Teleport and CyberArk are frequently considering how to address privileged access requirements. Privileged access refers to special access or abilities above and beyond those of a standard user, for example a database admin user or a site reliability engineer who needs access to a production server. Governance of privileged access enables businesses to secure their infrastructure, data and applications. Effective privileged access management is often a requirement for achieving compliance objectives like SOC 2, ISO 27001 and FedRAMP.

Key Differences

Identity

CyberArk (Credentials): Uses passwords to identify users and stores those passwords in a vault.

Teleport (Cryptographic identity): Generates a cryptographic identity for all users, devices, machines and resources, with secretless authentication. Embeds a certificate authority with KMS and HSM support as a foundational part of the product architecture.

Credentials are the primary target of identity attacks; cryptographic identity eliminates this attack surface.

Connectivity

CyberArk (Network): Depends on the network to connect users and resources.

Teleport (Zero trust): Employs zero trust for each connection from a user or machine to a resource, as well as between resources.

Network-based access does not stop a bad actor from breaching one resource and pivoting to others. Zero trust access reduces the blast radius, preventing an attacker who has breached one resource from reaching the rest.

Privileges

CyberArk (Manual elevation): Enables elevation of privileged access through manual access request workflows. Elevated privileges are governed by credentials, with manual approval and revocation of access.

Teleport (Automated workflows, backed by short-lived certificates): All access to infrastructure is privileged. Teleport supports automation and configuration of approval workflows for access requests. Privileges are authorized with short-lived certificates that protect access with cryptographic identity and automatically expire at the specified time.

Flexibility in workflow configuration lets organizations remove friction and reduce time to approval for access requests. Ephemeral privileges backed by certificates are a more secure, seamless way to govern on-demand access.

Deployment Ease & Scalability

CyberArk (Limited): Traditional IT deployment with limited scalability.

Teleport (Highly scalable): Teleport ships with infrastructure-as-code, cloud-native, highly available multi-region deployment using Helm charts, Kubernetes operators and managed cloud backends (DynamoDB, RDS, CockroachDB, Firestore). Both the cloud-hosted and self-hosted editions scale to hundreds of thousands of ephemeral resources across many regions.

Teleport is designed for large-scale, cloud-native multi-region deployments in modern cloud and self-hosted environments.

Supported Infrastructure

CyberArk (Limited): Supports common IAM apps used in IT.

Teleport (Broad): Supports 170+ different types of infrastructure resources, such as Kubernetes, cloud CLIs (with AWS IAM, GCP and Azure support) and modern cloud databases (e.g. Amazon RDS, AWS DynamoDB, AWS Aurora, GCP Cloud SQL MySQL, GCP Cloud SQL PostgreSQL, Microsoft Azure PostgreSQL, Microsoft Azure MySQL, Azure Cache for Redis and many more).

Teleport is designed for modern compute infrastructure, supporting diverse access needs including SSH, databases, clouds, Kubernetes, applications and Windows.

Developer Experience

CyberArk (Impedes productivity): A manual access request process and credential handling interfere with preferred developer workflows.

Teleport (Improves productivity): Integrates seamlessly with developer workflows and DevOps tools and eliminates the need to track different access paths and credentials, improving productivity.

Teleport eliminates the need to remember access paths or credentials, interfacing seamlessly with preferred developer tools and workflows.

Governance

CyberArk (Offers CIEM features): Companies that want to add identity security need to integrate additional technologies. Offers cloud entitlement management for AWS, GCP and Azure, alongside preferred developer workflows.

Teleport (Unified access, identity and policy platform): Teleport offers built-in governance with Teleport Identity and Teleport Policy. Teleport Policy integrates with AWS, provides a developer-friendly SQL interface and includes built-in threat response.

Teleport is a unified platform addressing both access and governance needs. It provides a user-friendly visual mapping of access relationships, which can be queried using standard SQL.

Teleport's Unique Features

Dual Authorisation

Workflows that require the approval of multiple team members before certain critical actions can be performed.

Kernel-level logging

By using eBPF, Teleport enhanced session recording doesn't just record what happens in the terminal, which can be obfuscated, but what happens down at the kernel level.

Per-session MFA

Teleport supports requiring an additional multi-factor authentication check when starting a new session, protecting users against compromise of their on-disk Teleport certificates. This is one of many additional controls in Teleport's role-based access control system, along with Device Trust and IP Pinning.
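As an added configuration example (not from the page and not Teleport's own documentation), a Teleport role that switches on the three controls just named for production nodes. The field names are assumed to follow the Teleport role specification; verify them against the documentation for the Teleport version you run before applying the role with tctl.

```yaml
# Added example: a Teleport role that enforces per-session MFA, Device Trust
# and IP pinning for SSH access to nodes labelled env=prod.
# Field names are assumed to match the Teleport role spec; confirm them
# against your Teleport version's docs before running `tctl create -f`.
kind: role
version: v5
metadata:
  name: prod-ssh-hardened
spec:
  options:
    # Re-prompt for MFA each time a session starts, so a stolen on-disk
    # certificate alone is not enough to open a session.
    require_session_mfa: true
    # Only devices enrolled in Device Trust may use this role.
    device_trust_mode: required
    # Bind the issued certificate to the client IP it was issued to.
    pin_source_ip: true
    # Short-lived credentials: certificates issued for this role expire
    # after 8 hours whether or not the user logs out.
    max_session_ttl: 8h
  allow:
    # Which OS logins and which nodes this role grants.
    logins: ["ubuntu"]
    node_labels:
      env: prod
```

Detection and review follow naturally from the same configuration: sessions that start under this role carry the MFA re-check in the audit log, and any certificate presented from a different source IP is rejected rather than silently accepted.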

Session Moderation

Requires one or more other users to be present in a session. Depending on the requirements, these users can observe the session in real-time, participate in the session and terminate the session at will.

Session Locking

System administrators can disable a compromised user or node — or prevent access during cluster maintenance — by placing a lock on a session, user or host identity using Teleport’s API.

Strict session recordings

Administrators can optionally elect to terminate SSH sessions if there is a problem with a recording, such as a full-disk error.

Common Features

Device verification

Teleport Device Trust ensures that only registered devices can be used to access infrastructure resources.

SSO Support

Teleport offers support for a range of SAML and OIDC SSO providers, including Okta, GitHub, Microsoft Azure AD and Google Workspace.

Full identity provider

Teleport can be used as a complete replacement for existing identity management tools. As a SAML SSO identity provider, Teleport can serve as the identity provider teams use to access internal and SaaS apps.

Conclusion

Teleport is purpose-built for modern compute infrastructure that is growing exponentially in complexity and scale. Teleport supports on-demand, least-privilege access on a foundation of cryptographic identity and zero trust, with built-in identity security and policy governance. Teleport supports more than 170 different types of infrastructure technologies and interfaces with the preferred tooling and workflows of DevOps engineers, delivering a win/win for infrastructure security and infrastructure operations teams.

Start your free 14-day Trial of Teleport here.
