Simplifying Zero Trust Security for AWS with Teleport
Jan 23
Virtual
Register Now
Teleport logoTry For Free
Fork me on GitHub

Teleport

TeleportUser

This guide is a comprehensive reference to the fields in the TeleportUser resource, which you can apply after installing the Teleport Kubernetes operator.

resources.teleport.dev/v2

apiVersion: resources.teleport.dev/v2

FieldTypeDescription
apiVersionstringAPIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kindstringKind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadataobject
specobjectUser resource definition v2 from Teleport

spec

FieldTypeDescription
github_identities[]objectGithubIdentities list associated Github OAuth2 identities that let user log in using externally verified identity
oidc_identities[]objectOIDCIdentities lists associated OpenID Connect identities that let user log in using externally verified identity
roles[]stringRoles is a list of roles assigned to user
saml_identities[]objectSAMLIdentities lists associated SAML identities that let user log in using externally verified identity
traitsobjectTraits are key/value pairs received from an identity provider (through OIDC claims or SAML assertions) or from a system administrator for local accounts. Traits are used to populate role variables.
trusted_device_ids[]stringTrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. Note that SSO users are transient and thus may contain an empty TrustedDeviceIDs field, even though the user->device association exists under the Device Trust subsystem. Do not rely on this field to determine device associations or ownership, it exists for legacy/informative purposes only. Managed by the Device Trust subsystem, avoid manual edits.

spec.github_identities items

FieldTypeDescription
connector_idstringConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrlstringSAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
usernamestringUsername is username supplied by external identity provider

spec.oidc_identities items

FieldTypeDescription
connector_idstringConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrlstringSAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
usernamestringUsername is username supplied by external identity provider

spec.saml_identities items

FieldTypeDescription
connector_idstringConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
samlSingleLogoutUrlstringSAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
usernamestringUsername is username supplied by external identity provider