Role-Based Access Control (RBAC) for Infrastructure

Role-Based Access Control (RBAC) is the practice of managing privileged access to infrastructure through a central directory of users, roles, and teams. Authorization is granted to groups (or roles) within a company directory. This allows individuals to access secured infrastructure simply by authenticating their identity, usually through a Single Sign-On (SSO) solution tied to the directory.

Teleport supports all major SSO providers, including Okta, Sailpoint, Active Directory, OneLogin, Auth0 and many others.

Who can Benefit from RBAC?

Using RBAC instead of individually managed authorization and authentication methods (such as SSH keys or VPN logins) means companies can not only control user group permissions within their organization but also grant controlled and seamless access to third-party teams. This is useful for:

  • Company-wide compliance teams overseeing multiple infrastructure and engineering groups who use both Kubernetes and SSH.
  • Managed service providers (MSPs) that manage Kubernetes and generic server clusters for clients.
  • Remote support teams from software vendors who wish to manage remote on-site Kubernetes clusters.
  • Internet-of-Things (IoT) edge cloud management from a centralized office.

Meet Compliance Requirements

RBAC is used to secure the infrastructure and meet compliance requirements around privileged (SSH) access. Specifically, it enables security and systems engineers to enforce security and compliance policies such as:

Multi-factor authentication (MFA). Integrating with company-wide SSO enables two-factor authentication (2FA) for SSH sessions using the same access control plane, simplifying management and audit.

Enforce infrastructure and data compliance. Isolate production environments and production data from specific roles and teams, or limit access to certain roles and teams. Enforce policies like "Developers must never see production data" with ease.

Compliant process for onboarding and transferring employees. Ensure privileged access permissions stay up-to-date as individuals switch roles or leave the company.

Prohibit root access for all roles. Teleport RBAC allows security administrators to remove the need to use root privileges. RBAC also separates SSH permissions management from server management.

Overall, the result of implementing RBAC is a reduction in operational overhead. Administrators can control (add, modify, and revoke) privileged access for teams or individuals from one place, while users can get access authorization without needing to manage SSH keys or VPN credentials.

Which Teleport offering is right for you?

Teleport is available through our commercial Enterprise offering or the Community open source software.

Teleport Enterprise

Teleport Enterprise is built around the open-source core, with premium support and additional, enterprise-grade features. It is for organizations that need to secure critical production infrastructure and meet compliance and audit requirements.

Teleport Enterprise includes:

Role Based Access Controls (RBAC) for both SSH and Kubernetes clusters.

Integration with all Enterprise Single Sign-On (SSO) providers.

Multi-cluster dashboard with cross-cloud visibility into access and behavior.

Enterprise-grade support with SLAs and dedicated Slack channel.

2 years of long-term support and maintenance (2-year LTS).

Prioritized hotfixes and patches for all supported releases under LTS.

Teleport feature roadmap collaboration with product management.


Teleport Community

Teleport Community provides modern SSH best practices out of the box for managing elastic infrastructure. Teleport Community is open-source software that anyone can download and install for free.

Teleport Community includes:

Local user database and SSO/RBAC integration with GitHub.

Monitoring of GitHub issues and community-driven roadmap.

Binaries published for Linux, macOS and Windows (client only).

Best-effort support via email. Hotfixes and patches for the most recent release.
