
What are non-human identities?

Posted 29th Feb 2024 by Travis Swientek

What are Non-Human Identities?

Non-human, or machine, access to infrastructure plays a crucial role in modern computing. In DevOps architectures, where automation plays a key role, CI/CD systems and automated bots like Drone, Jenkins, and GitHub Actions perform essential tasks related to the management, deployment, and maintenance of applications and services in cloud and on-premises deployments.

Elements of Machine Access

  • Automation: Machines automate repetitive and predefined tasks, enhancing efficiency and reducing the potential for human error.
  • Machine Identity: Assigning unique identities to machines, typically through certificates, enables secure authentication and granular access control, ensuring that machines have the appropriate permissions for the tasks they perform.
  • Secure Connectivity: Secure access to network infrastructure is vital. In traditional IT architectures, this may involve VPNs and firewalls; in modern computing environments these connections may be secured through zero trust.

Overcoming Challenges in Machine Access

  • Network Security: In many infrastructure stacks, privileges are implicit, and machine access can create points of vulnerability.
  • Scalability and Management: As the number of machines and the complexity of tasks grow, managing access becomes increasingly challenging.
  • Compliance and Data Protection: With machines often handling sensitive information, adherence to compliance standards and the implementation of robust data protection measures are critical.

Teleport Take

Teleport provides a unified approach to secure infrastructure access for both humans and non-humans. Our approach includes:

  • Cryptographic Identity for both Users and Machines: Teleport assigns cryptographic identity to all users, machines, devices, and resources that are part of infrastructure access. This eliminates the risks associated with embedded secrets or static credentials that can be vulnerable to identity-based attacks.
  • Zero-Trust Access: Teleport protects all connections, both between users and machines and infrastructure, and throughout the infrastructure stack, with zero trust. This zero trust connection to applications and workloads makes infrastructure resilient to bad actors and ensures that infrastructure can be accessed from anywhere.
  • Seamless Integration with DevOps Tools: Teleport's platform integrates seamlessly with popular DevOps tools and CI/CD pipelines, facilitating automated deployments and operations across cloud-based and on-premises environments.
  • Visibility and Auditing: Teleport provides detailed audit logs and monitoring capabilities, offering visibility into machine activities and ensuring compliance with regulatory requirements.

By leveraging Teleport for machine access to infrastructure, organizations can achieve a balance between operational efficiency and stringent security requirements. Teleport's platform not only simplifies the management of machine identities and access but also enhances the overall security posture and user experience, enabling businesses to scale their operations securely and confidently in the face of the increasing complexity of computing environments.