This guide will explain how to configure Active Directory Federation Services (ADFS) to be a single sign-on (SSO) provider to issue SSH credentials to specific groups of users. When used in combination with role based access control (RBAC), it allows SSH administrators to define policies like:
- Only members of "DBA" group can SSH into machines running PostgreSQL.
- Developers must never SSH into production servers.
- ... and many others.
This guide requires Teleport Cloud or Teleport Enterprise.
View this guide as the user of another Teleport edition: