Teleport Launches Identity Governance and Security
Read More
Get Started
Background image

Teleport Learn

Infrastructure Access 101
Other
Articles
Cheat Sheets and How-to Guides

Tutorial by Topic

All
Infrastructure Access 101
Connectivity
Authentication
Authorization
Audit
Other
Compare
Articles
Remote Access
Cheat Sheets and How-to Guides
AWS
AWS EKS
Kubernetes
Google Kubernetes Engine (GKE)
Azure AKS
Self-Hosted

Tutorials

Infrastructure Access 101 > Connectivity

What is TCP/IP protocol suite?

TCP/IP, also known as Internet Protocol Suite, is a collection of networking protocols that works together to transfer a data packet from one computer to another using computer networks.

Go to tutorial

Comparing TCP/IP and OSI Model

TCP/IP and OSI model serves a similar purpose - to map all the bits and pieces involved in networked communication. While OSI is the recommended standard, the internet was designed around the TCP/IP model.

Go to tutorial

How IPv4 and IPv6 works

IPv4 is a 32 bit network address scheme widely used on the internet. IPv6 is a 128 bit network address scheme designed to replace IPv4.

Go to tutorial

What is a VPN (Virtual Private Network)?

A VPN, or Virtual Private Network, is a tool that allows you to create a secure and private connection between your device and the public internet. A VPN connection will encrypt your internet traffic and route it through a remote server, keeping your activity hidden from hackers, ISPs, and any third-party with malicious intent.

Go to tutorial

Infrastructure Access 101 > Authentication

What is FIDO (Fast IDentity Online)?

FIDO, or Fast IDentity Online, is a group of open standard authentication protocols created to strengthen and simplify the security of online authentication by reducing the reliance on passwords.

Go to tutorial

What is U2F (Universal 2nd Factor)?

U2F (Universal 2nd Factor) is a universal authentication standard that provides an additional layer of security for online accounts.

Go to tutorial

What is WebAuthn?

WebAuthn is a web standard for secure, passwordless authentication allowing web servers to authenticate users with asymmetric cryptography instead of passwords.

Go to tutorial

What is OIDC (Open ID Connect)?

OIDC, or OpenID Connect, is an authentication layer built on top of the authorization protocol OAuth 2.0 and provides a standardized way for users to authenticate themselves to web applications.

Go to tutorial

What Is SAML (Security Assertion Markup Language)?

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between parties, and in particular, between an identity provider (IdP) and a service provider (SP). The Identity Provider will verify the identity of the user, verifying they are who they say they are.

Go to tutorial

The Failures of Shared Secrets and How We Can Replace Them

User authentication is a crucial component of securing any system. Access to sensitive infrastructure resources such as servers, databases and applications must be restricted to authorized users only.

Go to tutorial

Infrastructure Access 101 > Authorization

What is RBAC?

RBAC stands for Role-Based Access Control. It is a method of regulating access to servers, computers or network resources based on the roles of individual users within an organization.

Go to tutorial

What is ABAC?

Attribute-Based Access Control (ABAC) is a method of regulating access to resources based on the attributes of both the resource and the user requesting access.

Go to tutorial

What is MAC (Mandatory Access Control)?

Mandatory Access Control (MAC) is a type of access control that imposes a predefined set of security rules, or labels, to control which users or systems can access specific resources.

Go to tutorial

What is OAuth 2.0 (Open Authorization)?

OAuth 2.0 (Open Authorization) is a standard for authorization where a user allows an application to access their resources hosted on another application, on their behalf, without the sharing of their credentials.

Go to tutorial

Infrastructure Access 101 > Audit

OS Default Logging with Windows

No matter the size of your company or the size of your engineering team, it is always important to maintain visibility into what’s happening in your infrastructure. As your company grows, however, and you start to need to meet compliance standards like the SOC2 and FedRAMP frameworks, keeping detailed, specific audit logs becomes a must-have.

Go to tutorial

Access Logging

Access logging is the practice of system monitoring via a file or a collection of files that detail all of the various activities on a system. Composed of various events and metadata, good access logging practices will help you stay informed on exactly what is happening in your infrastructure, and exactly who is carrying out these various activities.

Go to tutorial

Guide to Audit Logging for Cloud Native Companies

A deep dive into best practices for what is audit logging with best pratices for cloud native companies.

Go to tutorial

Other > Compare

StrongDM vs Teleport

The post compares StrongDM and Teleport, two infrastructure access platforms. StrongDM is proprietary, while Teleport is open-source and offers advanced security and compliance capabilities.

Go to tutorial

Hashicorp Boundary vs Teleport

Hashicorp Boundary vs Teleport: Teleport is an open-source infrastructure access platform that replaces secrets like passwords and keys with secure certificates, providing a complete Zero Trust solution, while HashiCorp Boundary is a remote access solution offering deep integration with HashiCorp Vault for temporary credentials. Both solutions offer secure access to infrastructure, but Teleport boasts advanced security features, wider client and protocol support, and a secretless approach.

Go to tutorial

CyberArk vs Teleport

Discover the differences between Teleport and CyberArk, two privileged access management (PAM) solutions designed to secure critical infrastructure. While CyberArk uses secrets like passwords and keys, Teleport is an open-source, secretless, and cloud-native PAM that delivers essential capabilities while maximizing developer productivity and supporting modern tools like Kubernetes and cloud databases.

Go to tutorial

StrongDM Alternatives to Secure Infrastructure Access

Having some issues with StrongDM or just want to see what else is out there? Today we’ll walk you through what StrongDM is good at, what it’s not so good at and some alternatives that match different use cases.

Go to tutorial

CyberArk Alternatives to Secure Infrastructure Access

Secure access to your cloud infrastructure while keeping devs productive with these service & infrastructure access management platform alternatives to CyberArk.

Go to tutorial

Articles > Remote Access

How to Access and Monitor IoT Devices Securely

Uncover effective strategies for managing IoT devices remotely at scale. Our comprehensive guide provides security teams with solutions for secure and efficient IoT device control.

Go to tutorial

Implementing Zero Trust Network Access in Cloud-Native Environments

Zero Trust Network Access (ZTNA) is a security solution that provides secure remote access to corporate resources based strictly on identity and context. Identity verification for every person and device is required continuously regardless of network location or whether they have previously accessed a resource or not. No one is trusted from inside the network or outside, which is a tighter ship than the traditional approach of one being universally trusted as long as they are inside the network.

Go to tutorial

Principle of Least Privilege: What It Is & How to Implement It

Principle of least privilege defines just-in-time access to your cloud-native environment to meet security and compliance requirements without disrupting your teams.

Go to tutorial

Cheat Sheets and How-to Guides > AWS

SSH Bastion on AWS

Dive into our guide on setting up an SSH bastion server for AWS EC2 instances. Learn the significance of bastion servers and the security advantages they bring. Discover different setup options including self-hosted OpenSSH, OSS Teleport, and Teleport Cloud, with a focus on their relative benefits. Ideal for all skill levels, this post offers the knowledge needed to optimize and secure your AWS infrastructure.

Go to tutorial

Cheat Sheets and How-to Guides > AWS EKS

How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters

We will guide you through the steps to configure single sign-On (SSO) for Amazon EKS clusters with Okta, SAML and Teleport Enterprise.

Go to tutorial

Just-in-Time Access for Amazon EKS

A practical guide showing how you can implement just-in-time access for EKS using Teleport.

Go to tutorial

Auditing and Reviewing Amazon EKS Workloads

Auditing and reviewing workload access deployed in Kubernetes clusters is critical for achieving compliance. Learn how to audit AWS EKS Workloads.

Go to tutorial

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO

Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO. A how-to guide.

Go to tutorial

Authenticating AWS EKS Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate AWS EKS Kubernetes clusters with GitHub single sign-on (SSO).

Go to tutorial

Configure RBAC for Kubernetes EKS

An overview of best practices for how to configure RBAC for Kubernetes running AWS EKS.

Go to tutorial

Cheat Sheets and How-to Guides > Kubernetes

Configuring Okta as an Identity Provider for Kubernetes Clusters

This post is a tutorial that explains how to use Okta as an identity provider for Kubernetes clusters managed by Teleport. Okta is a platform for managing identities and access in the cloud that allows secure and simple access to multiple programs and services. Teleport is an identity-native infrastructure access platform that provides phishing-proof zero trust for every engineer and service connected to an organization's global infrastructure.

Go to tutorial

Cheat Sheets and How-to Guides > Google Kubernetes Engine (GKE)

Authenticating GCP GKE with Google Workspace SSO

Authenticating Google Kubernetes Engine Clusters with Google Workspace SSO

Go to tutorial

Configuring Okta as an Identity Provider for Kubernetes Clusters

This post is a tutorial that explains how to use Okta as an identity provider for Kubernetes clusters managed by Teleport. Okta is a platform for managing identities and access in the cloud that allows secure and simple access to multiple programs and services. Teleport is an identity-native infrastructure access platform that provides phishing-proof zero trust for every engineer and service connected to an organization's global infrastructure.

Go to tutorial

Authenticating GKE Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate Google Kubernetes Engine (GKE) Kubernetes clusters with GitHub single sign-on (SSO).

Go to tutorial

RBAC for Google Cloud Kubernetes Engine (GCP GKE)

Configuring Role-Based Access Control (RBAC) for Google Cloud Kubernetes Engine (GCP GKE).

Go to tutorial

Cheat Sheets and How-to Guides > Azure AKS

Authenticating Azure AKS Kubernetes Clusters with Okta SSO

How to Authenticate Azure AKS Kubernetes Clusters with Okta SSO. Consolidating access and providing an audit log for access

Go to tutorial

Authenticating Azure AKS Kubernetes Clusters with GitHub SSO

In this tutorial, we’ll look at how to authenticate Microsoft Azure Kubernetes Service (AKS) Kubernetes clusters with GitHub single sign-on (SSO).

Go to tutorial

Azure AKS RBAC

Configuring Role-Based Access Control (RBAC) for Microsoft Azure Managed Kubernetes Service (AKS)

Go to tutorial

Cheat Sheets and How-to Guides > Self-Hosted

Deploying self-hosted Highly Available Teleport on an On-Prem data center.

This article is a how-to guide to deploy self-hosted Teleport in a highly available mode on an on-prem environment using HAproxy, etcd, and minIO.

Go to tutorial