Date: 2025-08-27
Version: 17.x

Teleport Feature Matrix

The Teleport feature matrix lists capabilities of the Teleport Infrastructure Identity Platform, organized by product.

The Teleport Identity Infrastructure Platform modernizes identity, access, and policy for infrastructure, for both human and non-human identities. Products include:

Teleport Zero Trust Access provides engineers with least privileged access to applications, servers, databases, Kubernetes clusters, and other resources across distributed infrastructures.

Teleport Machine & Workload Identity is a non-human identity management solution that secures machine-to-machine communication with short-lived certificates, access control, and auditability.

| Feature | Enterprise (Cloud) | Enterprise (Self-Hosted) | Community Edition |
| --- | --- | --- | --- |
| Service Discovery: Live inventory of machine and workload identities for CI/CD jobs, microservices, and others | ✔ | ✔ | ✔ |
| Issuance: Provisions cryptographic identities for machines and workloads, eliminating anonymous computing and the need for static over-privileged users and automating certificate rotation | ✔ | ✔ | ✔ |
| Secretless Authentication: Eliminates the need for API keys and long-term secrets with short-lived certificates. | ✔ | ✔ | ✔ |
| Ephemeral Authorization: With granular ABAC/RBAC for workload interactions | ✔ | ✔ | ✔ |
| Auditability: Audit data, exportable to SIEMs, for compliance reporting & reviews | ✔ | ✔ | ✔ |
| Integration: Supports open-source policy agents, dev tool APIs, and Cloud IAM. Others include Jenkins, GitHub Actions, Terraform Cloud, AWS Roles Anywhere and more. | ✔ | ✔ | ✔ |
| HSM and TPM support for bootstrapping, joining, and encryption | ✔ | ✔ | ✖ |
| Open Standards - JWT, SPIFFE, x509 and others to avoid vendor lock-in | ✔ | ✔ | ✔ |
| External PKI integration: Configure an external PKI hierarchy to use for issuing SPIFFE SVIDs | ✔ | ✔ | ✖ |
| Sigstore attestation: Enforce validation of container supply-chain security when issuing SPIFFE SVIDs | ✔ | ✔ | ✖ |

Teleport Identity Governance hardens and monitors identities for both human and non-human identities.

| Feature | Enterprise (Cloud) | Enterprise (Self-Hosted) | Community Edition |
| --- | --- | --- | --- |
| JIT Access Requests: Grant only those privileges necessary to complete the task at hand. Remove the need for super-privileged accounts. | ✔ | ✔ | Can only request roles through the CLI |
| Automatic Access Requests & Approvals: Automate pre-defined workflows based on RBAC, ABAC, or context-based authorization. | ✔ | ✔ | ✖ |
| Access Lists & Access Reviews: Review access requests using Slack, PagerDuty, Microsoft Teams, Jira and ServiceNow. Assign managers, automate mandatory reviews, and implement custom review logic using our API and Go SDK. Integrates with AWS Identity Center. | ✔ | ✔ | ✖ |
| Session & Identity Locks: Lock suspicious or compromised identities and stop all their activity across all protocols and services. | ✔ | ✔ | ✖ |
| Device Trust: Require an up-to-date, registered device for each authentication. Teleport uses TPMs and secure enclaves to give every device a cryptographic identity. Restrict further by resource or MDM-authorization. | ✔ | ✔ | ✖ |
| User & Group Provisioning & Deprovisioning (SCIM & Custom Protocols), including Okta and Entra | ✔ | ✔ | ✖ |
| Access Monitoring & Response: Detect overly broad privileges and inspect sessions that are not using strong protection, such as multi-factor authentication or device trust. Alert on access violations and purge unused permissions with automated access rules. | ✔ | ✔ | ✖ |
| Okta integration: Configure Teleport to import and grant access to Okta applications and user groups. | ✔ | ✔ | ✖ |
| Microsoft Entra ID directory synchronization and SSO integration | ✔ | ✔ | ✖ |

Teleport Identity Security identifies & mitigates risk in access paths.

| Feature | Enterprise (Cloud) | Enterprise (Self-Hosted) | Community Edition |
| --- | --- | --- | --- |
| Access Graph: Import and analysis of AWS, Azure, Okta, Microsoft Entra, GitLab and AWS IAM roles | ✔ | ✔ | ✖ |
| Discover secrets, SSH Key Scanning | ✔ | ✔ | ✖ |
| Discover standing privileges | ✔ | ✔ | ✖ |
| Analyze shadow access and drift of security posture | ✔ | ✔ | ✖ |
| Investigate identity vulnerabilities and potential exposures | ✔ | ✔ | ✖ |
| Monitor critical assets with Crown Jewel Alerting | ✔ | ✔ | ✖ |