Teleport Access Plane

Access Workflows

Allow users to request privilege escalation using access workflows. Approve or deny requests via Slack, PagerDuty, and other ChatOps tools. Define custom access workflows via the API using a favorite programming language.

Feature Overview

Move away from roots and admins

Access workflows allow for the implementation of the principle of least privilege, which states that a client should be given only those privileges needed for it to complete the task at hand. This removes the need for super-privileged accounts.

access workflows

Leverage existing tools

Access workflows integrate with the tools already in use, such as Slack, PagerDuty, and others. This allows security teams to approve or deny requests quickly and avoids frustration for engineers who need to get the job done.

slack approval

Customized fit

The Teleport API allows developers to define custom access workflows using a programming language they are familiar with. Teleport follows the “access as code” philosophy instead of “access as configuration”.

# use your favorite programming language
def process_request(req):

#  grant admin only on registered computers
if req.roles.contains("admin") and registered_computer(req.user):
  raise AccessDenied("use registered computer for privileged access")

# contractors should provide a valid ticket    
if req.traits['team'] == "contractor" && not jira.get_ticket(req.note):
  raise AccessDenied("provide an active JIRA ticket")

Youtube Demo Video

Native Demo Video


Teleport reduces the operations and the support burden normally associated with on-premises software. The product also decreases the time it takes to adopt open source technology while enabling consistent application environments across deployments.

Helgi Þorbjörnsson
Helgi Þorbjörnsson Principal Architect, MuleSoft
Read the Mulesoft Case Study

Works with everything you have

Teleport is open source and it relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID connect and others. Deployed as a single-binary it seamlessly integrates with the rest of your stack.

Google Cloud
Google Cloud
Free BSD
One Login
One Login
Active Directory

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.

  1. The tsh client allows users to login to retrieve short-lived certificates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.
# on a client
$ tsh login

# on a server
$ apt install teleport

# in a Kubernetes cluster
$ helm install

Try Teleport today

In the cloud, self-hosted, or open source

View developer docs

This site uses cookies to improve service. By using this site, you agree to our use of cookies. More info.