Authentication and Session Joining
Teleport gives you control over how and when users authenticate to your cluster. For example, you can configure Teleport to allow passwordless authentication with a hardware key or trust an external identity provider. You can also configure whether a user can join an existing session with a Kubernetes cluster or SSH server, and whether the user must authenticate again in order to do so.
The guides in this section show you how to configure Teleport authentication for your organization's needs:
- Harden your Cluster Against IdP Compromises: Implement cluster-wide hardening measures.
- Hardware Key Support: Hardware Key Support
- Headless WebAuthn: Headless WebAuthn
- Impersonating Teleport Users: How to issue short-lived certs on behalf of Teleport users using impersonation.
- IP Pinning : How to enable IP pinning for Teleport users
- Joining Sessions: Describes shared sessions and how to configure roles to support joining sessions in a Teleport cluster.
- Login Rules (section): Transform User Traits with Login Rules
- MFA for Administrative Actions: Require MFA checks to perform administrative actions.
- Passwordless: Learn how to use passwordless authentication with Teleport.
- Per-session MFA: Require MFA checks to initiate sessions.