Give an identity to all your services
Challenges securing machine-to-machine access at scale
Running a highly available, global CA for all your infrastructure is not easy.
You have roles defined for engineers. But how do you apply those roles to a microservice or CI/CD pipeline?
Many machine-to-machine use cases are ephemeral, putting importance on full automation.
Why customers big and small trust Teleport
By providing a unified identity-native access solution for engineers and the applications they write, Teleport Machine ID enables organizations to easily implement security and compliance without worrying about backdoors that outmoded solutions encourage.
Audit and recorded sessions in Teleport give us an understanding of exactly what was happening at any given moment. This is incredibly critical from a security and compliance perspective.
Mario Loria
Senior Site Reliability Engineer II, Carta
Teleport enabled us to meet our security and compliance needs for SOC 2 audits, which are required by many of our customers.
Eugene Gorelik
Head of Engineering, airSlate
We’ve been able to step back from writing all these custom toolings, how to maintain that tooling. We no longer have to worry about key management, we no longer have to worry about different places we’re managing user access, we all just do it through one single place, which is fantastic.
Daren Desjardins
Principal Engineer, Gladly
Manage machine users at scale with minimal overhead.
Machine ID has a Certificate Authority (CA) that automatically issues and renews SSH and X.509 certificates to facilitate machine-to-machine access, enabling security best practices such as frequent certificate rotations and the use of shorter TTLs.
It only takes two commands to create a machine user and generate a certificate. Or, you can fully automate the process so machine users can securely come and go as often as you need.
Define, implement and update access policies for developers and machines all in one place. This simplicity reduces room for error and increases security and compliance.
The same identity-based access for engineers and applications
Achieve unprecedented visibility into infrastructure access for machine users so you can meet and exceed compliance objectives.
Machine-initiated sessions across your entire infrastructure are recorded and stored in a storage solution of your choice. Session recordings are useful for forensic or educational purposes.
Instantly revoke machine user access any time with ease using a single command or automate revocation through integration with your SIEM.
Reduce blast radius of supply chain attacks
Every machine session is protected with the same granular role-based access controls (RBAC) that apply to engineers. An intern shouldn’t have access to production. Neither should a hacked CI/CD worker.
All machine users are assigned certificates with a configurable time-to-live (TTL) that expire automatically: no more forgetting to offboard a service.
Further harden your security posture by curating a list of IPs that can issue and use certificates.
Machine ID Demo
Short demo video highlighting the benefits of Teleport Machine ID: providing access and short-lived credentials to a microservice and an Ansible control node.
Works with everything you have
Teleport is open source and relies on open standards such as X.509 certificates, HTTPS, SAML, OpenID Connect and others. Deployed as a single binary, it seamlessly integrates with the rest of your stack.
Amazon
Google Cloud
Azure
Linux
Jenkins
Bamboo
Drone
Ansible
Chef
Puppet
SaltStack
Kubernetes
...and many more
Easy to get started
Teleport is easy to deploy and use. We believe that simplicity and good user experience are key to first-class security.
- The tsh client allows users to log in to retrieve short-lived certificates.
- The teleport agent can be installed on any server or any Kubernetes cluster with a single command.
# on a client
$ tsh login --proxy=example.com
# on a server
$ apt install teleport
# in a Kubernetes cluster
$ helm install