Access Plane

Access Requests

Allow users to request one-time privilege escalation. Approve or deny requests via Slack, PagerDuty, and other ChatOps tools. Define custom access workflows via the API using your favorite programming language.
clicking approve for access
$ tsh request create --roles=dba \
  [email protected],[email protected] --reason="ticket #123"

# Alice
$ tsh request list

# Output
ID                                   User             Roles   Created (UTC)       Status
------------------------------------ ---------------  ------- ------------------- -------
9c721e54-b049-4ef8-a7f6-c777aa066764 [email protected]  dba 03 Apr 21 03:58 UTC PENDING

$ tsh request review --approve --reason="proceed with caution" 9c721e54-b049-4ef8-a7f6-c777aa066764
$ tsh request create --roles=dba \
  [email protected],[email protected] --reason="ticket #123"

# Alice
$ tsh request review --approve --reason="proceed with caution"

# Ivan
$ tsh request review --approve --reason="granted."
# use your favorite programming language
def process_request(req):
  #  grant admin only on registered computers
  if req.roles.contains("admin") and registered_computer(req.user):
      raise AccessDenied("use registered computer for privileged access")
  # contractors should provide a valid ticket
  if req.traits['team'] == "contractor" && not jira.get_ticket(req.note):
      raise AccessDenied("provide an active JIRA ticket")

Access Requests using Existing Tools

Approve access requests using the tools you already have, such as Slack, PagerDuty, and others. This allows security teams to approve or deny requests quickly and avoids frustration for engineers who need to get the job done.

Approvals do not have to be done manually. Implement your own access approval logic with Teleport API using your favorite programming language.

Approve access requests
Access Requests Flow
To learn more about access requests, take a look at Teleport Documentation.
request role access screen

Bob can create an access request for the dbadmin role in the Web UI or CLI.

Teleport Slackbot notification

Chatbot will notify both Alice and Ivan.

approved access request screen

Alice and Ivan can review and approve request using Web UI or CLI.

Access Requests Demo Video

Watch our demo highlighting how team members can request access to new and elevated roles. This feature is available from the CLI or the browser. Users can add reasons to requests and get these requests sent to Slack. This video features using access requests for Kubernetes and all requests are captured using the Teleport Audit log.

Try Teleport today

In the cloud, self-hosted, or open source
Get StartedView developer docs