Give an identity to all your services
Challenges securing machine-to-machine access at scale
Running a highly available, global CA for all your infrastructure is not easy.
You have roles defined for engineers. But how do you apply those roles to a microservice or CI/CD pipeline?
Many machine-to-machine use cases are ephemeral, putting importance on full automation.
Why customers big and small trust Teleport
By providing a unified identity-aware access solution for engineers and the applications they write, Teleport Machine ID enables organizations to easily implement security and compliance without worrying about backdoors that outmoded solutions encourage.
Manage machine users at scale with minimal overhead.
Machine ID has a Certificate Authority (CA) that automatically issues and renews SSH and X.509 certificates to facilitate machine-to-machine access, enabling security best practices such as frequent certificate rotations and the use of shorter TTLs.
It only takes two commands to create a machine user and generate a certificate. Or, you can fully automate the process so machine users can securely come and go as often as you need.
Define, implement and update access policies for developers and machines all in one place. This simplicity reduces room for error and increases security and compliance.
The same identity-based access for engineers and applications
Achieve unprecedented visibility into infrastructure access for machine users so you can meet and exceed compliance objectives.
Machine-initiated sessions across your entire infrastructure are recorded and stored in a storage solution of your choice. Session recordings are useful for forensic or educational purposes.
Instantly revoke machine user access any time with ease using a single command or automate revocation through integration with your SIEM.
Reduce blast radius of supply chain attacks
Every machine session is protected with the same granular role-based access controls (RBAC) that apply to engineers. An intern shouldn’t have access to production. Neither should a hacked CI/CD worker.
All machine users are assigned certificates with a configurable time-to-live (TTL) that automatically expires — no more forgetting to offboard a service.
Further harden your security posture by curating a list of IPs that can issue and use certificates.
Machine ID Demo
Short demo video highlighting the benefits of Teleport Machine ID. Providing access and short lived credentials to a Microservice and Ansible control node.
Works with everything you have
Teleport is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack.
Easy to get started
Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.
- The tsh client allows users to login to retrieve short-lived certificates.
- The teleport agent can be installed on any server or any Kubernetes cluster with a single command.
# on a client $ tsh login --proxy=example.com # on a server $ apt install teleport # in a Kubernetes cluster $ helm install