goteleport.com
2606:4700::6812:717  Public Scan

URL: https://goteleport.com/
Submission: On December 06 via manual from IL — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


THE OPEN INFRASTRUCTURE ACCESS PLATFORM

The easiest, most secure way
to access all your infrastructure.


Terminal

$ tsh login
Launching SSO with 2FA via browser...
Single Sign On: Verify
Multi Factor Authentication: Security Key or Biometric Authenticator
Authentication Successful




WHAT IS TELEPORT?

DevOps teams use Teleport to access SSH and Windows servers, Kubernetes,
databases, AWS Console, and web applications. Teleport prevents phishing by
moving away from static credentials towards ephemeral certificates backed by
biometrics and hardware identity, and stops attacker pivots with the Zero Trust
design.

Servers (600 total)

| Hostname | Address | Labels | Actions |
| --- | --- | --- | --- |
| ip-10-0-0-115 | ⟵ tunnel | region: us-west-1 | Connect |
| ip-10-0-0-20 | ⟵ tunnel | region: sa-east-1 | Connect |
| ip-10-0-0-60 | ⟵ tunnel | region: us-west-2 | Connect |
| ip-10-0-0-85 | ⟵ tunnel | region: eu-west-1 | Connect |
| ip-10-0-0-90 | ⟵ tunnel | region: us-east-1 | Connect |

Databases

| Name | Type | Labels | Actions |
| --- | --- | --- | --- |
| aurora | RDS PostgreSQL | env: dev, postgres | Connect |
| mongodb | Self-hosted MongoDB | env: dev-1, mongodb | Connect |
| gcloud | GCP SQL Postgres | env: prod, sql | Connect |
| Cockroach | Self-hosted CockroachDB | env: prod, crdb | Connect |
| mysql | Self-hosted Mysql | env: dev-2, mysql | Connect |

Kubernetes

| Name | Labels | Actions |
| --- | --- | --- |
| eks-stg-cluster | env: stg2, region: us-west-2 | Connect |
| eks-prod-cluster | env:prod, region:us-east-2 | Connect |
| galactus | env:prod, entropy-service | Connect |
| eks-dev-cluster | env:stg, region:us-east-2 | Connect |
| galaxy | env:stg, EKS | Connect |

Applications

| Name | Address | Labels | Actions |
| --- | --- | --- | --- |
| aws | https://dev.runteleport.com | env: dev | Connect |
| grafana | https://grafana.runteleport.com | env: work | Connect |
| jenkins | https://jenkins.runteleport.com | env: work | Connect |
| metabase | https://meta.runteleport.com | env: dev | Connect |
| gitlab | https://gitlab.runteleport.com | env: dev | Connect |

Desktops

| Address | Name | Labels | Actions |
| --- | --- | --- | --- |
| 10.0.0.10 | Windows | name: Base | Connect |
| 10.0.40.10 | Windows Prod | name: Prod | Connect |
| 10.0.32.10 | Windows Dev | name: Dev | Connect |
| 10.0.130.2 | Windows Bizops | name: Biz | Connect |
| 10.0.157.72 | Windows Sys | name: Sys | Connect |

Activity

| Node | User(s) | Duration | Actions |
| --- | --- | --- | --- |
| ip-10-0-0-51 | alice | 5 mins | Play |
| ip-10-0-0-120 | bob | 7 mins | Play |
| ip-10-0-0-51 | slack-plugin | 10 mins | Play |
| ip-10-0-0-22 | terraform | 5 mins | Play |
| ip-10-0-0-120 | eve | 7 mins | Play |

Team

| Username | Roles | Type | Actions |
| --- | --- | --- | --- |
| alice | access | GitHub | Options |
| bob | access | GitHub | Options |
| terraform | terraform | Local User | Options |
| slack-plugin | slack | Local User | Options |
| eve | access | Local User | Options |

200%


REDUCE RISK

Teleport’s use of identity instead of credentials will, as demonstrated, reduce
this risk by 200% compared to that posed by static credentials



Paul Stringfellow

Access Whitepaper


IDENTITY GOVERNANCE & SECURITY

Protect identities across all of your infrastructure with Teleport.

REDUCE ATTACK SURFACE

Enforce principle of least privilege with just-in-time access requests and
automated access reviews.

ELIMINATE WEAK ACCESS PATTERNS

Access Monitoring provides visibility into privileged access to critical data
and infrastructure.

RESPOND TO IDENTITY THREATS

Take immediate action with identity locking in your incident response. Lock
suspicious or compromised identities and stop them in their tracks, across all
protocols and services.

DYNAMIC INVENTORY OF EVERYTHING YOU HAVE

Teleport provides an automated and holistic view of all privileged
infrastructure resources within your organization. This eliminates access silos,
protects from impersonation attacks and provides a single place to manage
policy.

TRUSTED INFRASTRUCTURE

Self-updating inventory of privileged resources: servers, cloud instances,
databases, Kubernetes clusters, and internal webapps.

TRUSTED CLIENT DEVICES

Inventory of enrolled TPM-equipped client laptops, workstations, YubiKeys and
other phishing-resistant MFA devices.

WORLDWIDE VIEW

The inventory supports IoT devices, multiple clouds, on-premise environments and
the private environments of your clients.






SECRETLESS ACCESS TO EVERYTHING

Secrets such as passwords, private keys, and browser cookies are the #1 source
of data breaches. They are vulnerable to phishing attacks, credential sharing,
theft, client device loss and other forms of human error. Teleport doesn’t use
secrets.

BIOMETRICS FOR HUMANS

Phishing-resistant MFA and passwordless authentication supporting Touch ID,
YubiKey Bio and other supported devices.

MACHINE IDENTITY

No more private host keys. Embrace strong machine identities for service
accounts, CI/CD automation and microservices. Teleport Machine ID can be
hardened by HSM or virtual HSM.

SHORT-LIVED CERTIFICATES

Built-in certificate authority for X.509 and SSH certificates for all resources,
including legacy systems. Teleport PKI infrastructure is fully automatic and
does not require management.






ONE PLACE TO MANAGE ALL PRIVILEGES

Break access silos. Consolidate privileges for humans and machines across all
protocols and resource types in one place. Lower the operational overhead of
managing access and enforcing policy.

ACCESS REQUESTS

Implement the principle of least privilege: a client is temporarily given only
the minimal privileges needed to complete the task.

DUAL AUTHORIZATION

FedRAMP AC-3 and other compliance frameworks like SOC 2 require that highly
privileged actions be approved by multiple authorized team members.

SESSION SHARING AND MODERATION

An interactive session can contain multiple simultaneous clients. Highly
privileged sessions can be configured to always include a moderator to prevent a
single client from being a point of failure.






TRUE ZERO TRUST

Move away from network-based perimeter security and prevent attackers from
pivoting. Teleport implements Zero Trust on the application level, enforcing
authentication and encryption natively for all protocols.

ZERO NETWORK EXPOSURE

Critical infrastructure resources do not need to listen on the network. They are
accessed via encrypted reverse tunnels to Teleport identity-aware Proxy.

UNIVERSAL CONNECTIVITY

Manage access to remote devices running on 3rd party networks behind NAT with
latency-optimized routing.

TRUST FEDERATION

Multiple organizations can manage trust across teams and securely access shared
infrastructure via role mapping.





CONSOLIDATED VISIBILITY AND AUDIT

Collect all security events generated by humans and machines across your entire
infrastructure in one place and export to any SIEM or threat detection platform
for further analysis.

RICH AUDIT LOGS

Security logs are collected on the application level, giving you rich
protocol-native context for what happened and who’s responsible.

SESSION RECORDINGS

Interactive sessions for all protocols are recorded and can be replayed in a
YouTube-like interface.

REAL-TIME LIVE SESSIONS

See what is happening with every active authenticated connection across all
resources in your entire infrastructure. Interfere if needed.






WHY USE TELEPORT


BEFORE AND AFTER TELEPORT


BEFORE TELEPORT

 * Access silos everywhere. Engineers use a mixture of VPNs, bastion hosts and
   proxies.
 * High operational overhead of managing privileges across different
   infrastructure layers.
 * Vulnerable to phishing because access is granted based on static credentials.
 * Connectivity, authentication, authorization and audit are handled by
   stitched-together systems such as IAM, SASE, PAM, and SIEM.
 * Privileges are granted based on static user roles.




AFTER TELEPORT

 * A single login command gives engineers access to all infrastructure layers
   they need.
 * Single place to manage all privileges for all layers of the stack, for humans
   and machines.
 * Phishing-proof access is based on ephemeral or single-use certificates.
 * Vertically integrated access platform tailored to the scale and security
   considerations of cloud-native infrastructure.
 * Minimal privileges are dynamically granted to complete a given task.



 * > Teleport allows us to comply with the regulatory hurdles that come with
   > running an international stock exchange. The use of bastion hosts,
   > integration with our identity service and auditing capabilities give us a
   > compliant way to access our internal infrastructure.
   > 
   > 
   > 
   > Brendan Germain
   > 
   > Systems Reliability Engineer, Nasdaq

 * > Teleport has made obtaining a FedRAMP-Moderate ATO that much more
   > achievable via their FIPS 140-2 endpoints, ease in integration with our SSO
   > and MFA, and the view into audit logs of remote connection sessions
   > provide the appropriate insight for Continuous Monitoring.
   > 
   > 
   > 
   > Jeff Gill
   > 
   > Senior Director of Engineering, SumoLogic

 * > We use Teleport Access Requests in combination with Auth0 to easily manage
   > access to our infrastructure. Prior to Teleport, we manually managed SSH
   > keys and a bastion machine and it was an organizational nightmare. It has
   > great configuration options, and the UI is great for junior engineers that
   > may need access to certain infrastructure, but aren't very SSH savvy.
   > 
   > 
   > 
   > Dylan Stamat
   > 
   > CTO, VerticalChange



WORKS WITH EVERYTHING YOU HAVE


TELEPORT INTEGRATES WITH OVER 170 CLOUD BASED RESOURCES

Our vision for Teleport Terminal is to become the universal user interface for
everything in the cloud. Below is the list of the resources it supports, and
we’ll be adding new protocols quickly:

Rancher

AWS CLI

GitLab

Redis

Snowflake

Windows Server

GitHub

Okta

Keptn

MongoDB

Elasticsearch

CockroachDB

...AND MANY MORE


Terminal

# on a client
$ tsh login --proxy=example.com
# on a server
$ apt install teleport
# in a Kubernetes cluster
$ helm install


EASY TO GET STARTED

Teleport is easy to deploy and use. We believe that simplicity and good user
experience are key to first-class security.

Teleport consists of just two binaries.

 1. The tsh client allows users to log in to retrieve short-lived certificates.
 2. The teleport agent can be installed on any server or any Kubernetes cluster
    with a single command.



TRY TELEPORT TODAY

In the cloud, self-hosted, or open source.

© 2023 Gravitational Inc.; all rights reserved.
