SSH Authentication with Azure Active Directory (AD)


This guide covers how to configure Microsoft Azure Active Directory to issue SSH credentials to specific groups of users with a SAML Authentication Connector. When used in combination with role-based access control (RBAC), it allows SSH administrators to define policies like:

  • Only members of the "DBA" Azure AD group can SSH into machines running PostgreSQL.
  • Developers must never SSH into production servers.

The following steps configure an example SAML authentication connector matching Azure AD groups with security roles. You can choose to configure other options.

This guide requires Teleport Cloud or Teleport Enterprise.