Teleport Access Plane

Teleport Server Access

Consolidate identity-based server access across all environments, meet compliance requirements, and have complete visibility into access and behavior.
Get Started
tsh login access-proxy
Single Sign On
Single Sign On
an enter password screen
Multi Factor Authentication
a biometric verification screen
Security Key or Biometric Authenticator
Multi Factor Authentication
a multi-factor authentication screen
Authentication Successful
For DevSecOps

Easily secure your servers using security best practices

Teleport delivers industry best practices for SSH access with minimal configuration. Easily enforce MFA, RBAC, and SSO using identity-based short-lived certificates and leave SSH keys behind.
a diagram of server architecture
Certificate-based access

Certificate-centric design enables Teleport to deliver SSO, RBAC, per-session MFA, and other modern security best practices for SSH access.

TLS routing

Certificate-based protocol negotiation shrinks the network attack surface area of all your Linux servers to a single TCP/IP port and reduces operational overhead.

Access requests

Move away from root accounts with just-in-time SSH privilege escalation for administrative tasks. Access requests can be approved via Slack or other supported plugins.

For compliance-minded engineers

Meet compliance requirements

Teleport was designed to continuously maintain compliance and pass audits with minimal configuration. The supported standards include SOC2, FedRAMP, HIPAA, ISO 27001, PCI and more.
a diagram of server architecture
Advanced authorization

Use the authorization mechanism best suited for your compliance requirements such as RBAC, per-session MFA, and dual authorization for privileged operations.

FIPS mode

Avoid human errors using Teleport FIPS mode which rejects configuration options unless they are compliant with FIPS 140-2, also known as the Federal Information Processing Standard.

Session controls

Implement moderated sessions, enforce concurrent session restrictions, proactive session termination and identity locking across your entire infrastructure footprint.

For developers

Access that doesn't get in the way

Designed for cloud-native workloads across multiple environments, Teleport works with existing CI/CD solutions, in a terminal, and in a browser. SSH permissions are always in sync with other layers of your stack removing the need to juggle shared secrets, or hop between VPNs and multiple access points.
a diagram of server architecture
Live server inventory

With a real-time inventory of all your Linux servers in the cloud, on-prem, or edge, resource discovery and maintenance are easy.

Shared sessions

See all live interactive SSH sessions across your entire fleet. Easily join another user’s session for pair programming or debugging.

Access as code

Automate access provisioning and access request approvals using your favorite programming language.

For security professionals

Complete visibility into access and behavior

Teleport provides a live view and an audit log for server sessions, filesystem changes, data transfers, command executions, and other security events making it easy to see what’s happening and who is responsible.
session replay with Teleport
Session recording

Every interactive session is recorded for future replay and can be analyzed by other tools for behavior anomalies.

Unified audit log

Consolidate all security events across all environments in a single source of truth and export them into a SIEM solution of your choice.

Kernel-level logging

Teleport offers enhanced session recordings based on BPF events so every system call during an SSH session can be audited.

Demo Video

Works with everything you have

Teleport Server Access is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack.

Google Cloud
Active Directory
One Login

Easy to get started

Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.

Teleport consists of just two binaries.
  1. The tsh client allows users to login to retrieve short-lived certificates.
  2. The teleport agent can be installed on any server or any Kubernetes cluster with a single command.
Download Teleport
# on a client
$ tsh login

# on a server
$ apt install teleport

# in a Kubernetes cluster
$ helm install

Try Teleport today

In the cloud, self-hosted, or open source
Get StartedView developer docs