goteleport.com
2606:4700::6812:617  Public Scan

Submitted URL: http://gravitational.com/
Effective URL: https://goteleport.com/
Submission: On November 08 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Teleport Launches Identity Governance and Security

THE OPEN INFRASTRUCTURE ACCESS PLATFORM

The easiest, most secure way
to access all your infrastructure.

Terminal

$ tsh login
Launching SSO with 2FA via browser...

 1. Single Sign On
 2. Multi Factor Authentication: Security Key or Biometric Authenticator
 3. Authentication Successful




WHAT IS TELEPORT?

DevOps teams use Teleport to access SSH and Windows servers, Kubernetes,
databases, AWS Console, and web applications. Teleport prevents phishing by
moving away from static credentials towards ephemeral certificates backed by
biometrics and hardware identity, and stops attacker pivots with its Zero Trust
design.


WHY TELEPORT


COMPLEXITY + SCALE = RISK

breaches due to shared secrets

--------------------------------------------------------------------------------

of organizations still use shared secrets as their main access method

--------------------------------------------------------------------------------

are not confident ex-employees don't have access to company infrastructure


DYNAMIC INVENTORY OF EVERYTHING YOU HAVE

Teleport provides an automated and holistic view of all privileged
infrastructure resources within your organization. This eliminates access silos,
protects against impersonation attacks and provides a single place to manage
policy.

TRUSTED INFRASTRUCTURE

Self-updating inventory of privileged resources: servers, cloud instances,
databases, Kubernetes clusters, and internal webapps.

TRUSTED CLIENT DEVICES

Inventory of enrolled TPM-equipped client laptops, workstations, YubiKeys and
other phishing-resistant MFA devices.

WORLDWIDE VIEW

The inventory supports IoT devices, multiple clouds, on-premise environments and
the private environments of your clients.

--------------------------------------------------------------------------------


SECRETLESS ACCESS TO EVERYTHING

Secrets such as passwords, private keys, and browser cookies are the #1 source
of data breaches. They are vulnerable to phishing attacks, credential sharing,
theft, client device loss and other forms of human error. Teleport doesn’t use
secrets.

BIOMETRICS FOR HUMANS

Phishing-resistant MFA and passwordless authentication supporting Touch ID,
YubiKey Bio and other supported devices.

MACHINE IDENTITY

No more private host keys. Embrace strong machine identities for service
accounts, CI/CD automation and microservices. Teleport Machine ID can be
hardened by HSM or virtual HSM.

SHORT-LIVED CERTIFICATES

Built-in certificate authority for X.509 and SSH certificates for all resources,
including legacy systems. Teleport PKI infrastructure is fully automatic and
does not require management.

--------------------------------------------------------------------------------


ONE PLACE TO MANAGE ALL PRIVILEGES

Break access silos. Consolidate privileges for humans and machines across all
protocols and resource types in one place. Lower the operational overhead of
managing access and enforcing policy.

ACCESS REQUESTS

Implement the principle of least privilege, where a client is temporarily given
only the minimal privileges needed to complete the task.

DUAL AUTHORIZATION

FedRAMP AC-3 and other compliance frameworks like SOC 2 require that highly
privileged actions be approved by multiple authorized team members.

SESSION SHARING AND MODERATION

An interactive session can contain multiple simultaneous clients. Highly
privileged sessions can be configured to always include a moderator to prevent a
single client from being a point of failure.

--------------------------------------------------------------------------------


TRUE ZERO TRUST

Move away from network-based perimeter security and prevent attackers from
pivoting. Teleport implements Zero Trust on the application level, enforcing
authentication and encryption natively for all protocols.

ZERO NETWORK EXPOSURE

Critical infrastructure resources do not need to listen on the network. They are
accessed via encrypted reverse tunnels to the Teleport identity-aware proxy.

UNIVERSAL CONNECTIVITY

Manage access to remote devices running on third-party networks behind NAT with
latency-optimized routing.

TRUST FEDERATION

Multiple organizations can manage trust across teams and securely access shared
infrastructure via role mapping.

--------------------------------------------------------------------------------


CONSOLIDATED VISIBILITY AND AUDIT

Collect all security events generated by humans and machines across your entire
infrastructure in one place and export them to any SIEM or threat detection
platform for further analysis.

RICH AUDIT LOGS

Security logs are collected on the application level, giving you rich
protocol-native context for what happened and who’s responsible.

SESSION RECORDINGS

Interactive sessions for all protocols are recorded and can be replayed in a
YouTube-like interface.

REAL-TIME LIVE SESSIONS

See what is happening with every active authenticated connection across all
resources in your entire infrastructure. Intervene if needed.

--------------------------------------------------------------------------------


CLOUD-NATIVE PRIVILEGED ACCESS MANAGEMENT

Modern cloud-native infrastructure is elastic, ephemeral and automated with
code. Teleport is designed to natively fit into the modern DevOps workflow.

POLICY AS CODE

Extend Teleport access approval workflows with code, using a programming
language you’re familiar with.

FLEXIBLE LOGIN RULES

Customize the SSO flow with configurable login rules and role templates.

DEVOPS INTEGRATIONS

Approve access requests using the tools you already have, such as Slack,
PagerDuty and others. This allows security teams to approve or deny requests
quickly and avoids frustration for engineers who need to get the job done.

WHY USE TELEPORT


BEFORE AND AFTER TELEPORT


BEFORE TELEPORT

 * Access silos everywhere. Engineers use a mixture of VPNs, bastion hosts and
   proxies.
 * High operational overhead of managing privileges across different
   infrastructure layers.
 * Vulnerable to phishing because access is granted based on static credentials.
 * Connectivity, authentication, authorization and audit are handled by
   stitched-together systems such as IAM, SASE, PAM, and SIEM.
 * Privileges are granted based on static user roles.




AFTER TELEPORT

 * A single login command gives engineers access to all infrastructure layers
   they need.
 * Single place to manage all privileges for all layers of the stack, for humans
   and machines.
 * Phishing-proof access is based on ephemeral or single-use certificates.
 * Vertically integrated access platform tailored to the scale and security
   considerations of cloud-native infrastructure.
 * Minimal privileges are dynamically granted to complete a given task.




WORKS WITH EVERYTHING YOU HAVE


TELEPORT INTEGRATES WITH OVER 170 CLOUD BASED RESOURCES

Our vision for Teleport Terminal is to become the universal user interface for
everything in the cloud. Below is the list of the resources it supports, and
we’ll be adding new protocols quickly:

 * Rancher
 * AWS CLI
 * GitLab
 * Redis
 * Snowflake
 * Windows Server
 * GitHub
 * Okta
 * Keptn
 * MongoDB
 * Elasticsearch
 * CockroachDB

...AND MANY MORE


Terminal

# on a client
$ tsh login --proxy=example.com
# on a server
$ apt install teleport
# in a Kubernetes cluster
$ helm install


EASY TO GET STARTED

Teleport is easy to deploy and use. We believe that simplicity and good user
experience are key to first-class security.

Teleport consists of just two binaries.

 1. The tsh client allows users to log in and retrieve short-lived certificates.
 2. The teleport agent can be installed on any server or any Kubernetes cluster
    with a single command.


TRY TELEPORT TODAY

In the cloud, self-hosted, or open source.
© 2023 Gravitational Inc.; all rights reserved.
