OAuth2 / OIDC Authentication for SSH


This guide explains how to configure an SSO provider using OpenID Connect (also known as OIDC) to issue SSH credentials to specific groups of users. When used in combination with role-based access control (RBAC), it allows SSH administrators to define policies like:

  • Only members of "DBA" group can SSH into machines running PostgreSQL.
  • Developers must never SSH into production servers.
  • ... and many others.

This guide requires Teleport Cloud or Teleport Enterprise.

