Fork me on GitHub

Teleport Enterprise


This section will give an overview of Teleport Enterprise, the commercial product built around Teleport Open Source core. For those that want to jump right in, you can play with the Getting Started Guide for Teleport Enterprise.

The table below gives a quick overview of the benefits of Teleport Enterprise.

Teleport Enterprise FeatureDescription
Single Sign-On (SSO)Allows Teleport to integrate with existing enterprise identity systems. Examples include Active Directory, Github, Google Apps and numerous identity middleware solutions like Auth0, Okta, and so on. Teleport supports SAML and OAuth/OpenID Connect protocols to interact with them.
Access RequestsUser interface for teams to create and review requests to access infrastructure with escalated privileges.
FedRAMP/FIPSAccess controls to meet the requirements in a FedRAMP System Security Plan (SSP). This includes a FIPS 140-2 friendly build of Teleport Enterprise as well as a variety of improvements to aid in complying with security controls even in FedRAMP High environments.
Commercial SupportSupport SLA with guaranteed response times.
Contact Information

Try Teleport Enteprise for free in the cloud or contact sales.


The commercial edition of Teleport allows users to retrieve their SSH credentials via a single sign-on (SSO) system used by the rest of the organization.

Examples of supported SSO systems include commercial solutions like Okta, Auth0, SailPoint, OneLogin Active Directory, as well as open source products like Keycloak. Other identity management systems are supported as long as they provide an SSO mechanism based on either SAML or OpenID Connect.

How does SSO work with SSH?

From the user's perspective they need to execute the following command to retrieve their SSH certificate.

tsh login

Teleport can be configured with a certificate TTL to determine how often a user needs to log in.

tsh login will print a URL into the console, which will open an SSO login prompt, along with the 2FA, as enforced by the SSO provider. If a user supplies valid credentials, Teleport will issue an SSH certificate.

Moreover, SSO can be used in combination with role-based access control (RBAC) to enforce SSH access policies like "developers must not touch production data". See the SSO chapter for more details.

Contact Information

Try Teleport Enteprise for free in the cloud or contact sales.


With Teleport we have built the foundation to meet FedRAMP requirements for the purposes of accessing infrastructure. This includes support for FIPS 140-2, also known as the Federal Information Processing Standard, which is the US government approved standard for cryptographic modules.

Enterprise customers can download the custom FIPS package from the Gravitational Dashboard. Look for Linux 64-bit (FedRAMP/FIPS).

Using teleport start --fips Teleport will start in FIPS mode, Teleport will configure the TLS and SSH servers with FIPS compliant cryptographic algorithms. In FIPS mode, if non-compliant algorithms are chosen, Teleport will fail to start. In addition, Teleport checks if the binary was compiled against an approved cryptographic module (BoringCrypto) and fails to start if it was not.

See our FedRAMP for SSH and Kubernetes guide for more infromation.

Access Requests

With Teleport we've introduced the ability for users to request additional roles. The Access Request API makes it easy to dynamically approve or deny these requests.

See Access Requests Guide for more information

Have a suggestion or can’t find something?