| Company type | Private |
|---|---|
| Industry | |
| Founded | 2015 |
| Headquarters | Oakland, California |
| Key people | |
| Number of employees | 230 |
| Website | goteleport.com |

| Teleport | |
|---|---|
| Developer | Gravitational Inc. |
| Stable release | 18.5.1[1] / 27 December 2025 |
| Repository | |
| Written in | Go |
| Operating system | Linux, macOS, Microsoft Windows, Docker, Kubernetes, Amazon EC2, Amazon ECS, Helm |
| License | GNU Affero General Public License |
| Website | goteleport.com |

Teleport is an open-source tool that provides identity and access management (IAM), access control and zero trust access to servers, databases, cloud applications, Kubernetes clusters, Git repositories, Model Context Protocol (MCP) servers, and web applications.[2][3][4] It also provides access control and security for artificial intelligence models and computing environments, including large language models and agentic AI.
It can eliminate the need for VPNs by providing a single gateway to access computing infrastructure via SSH, Remote Desktop Protocol, HTTPS, Kubernetes, and cloud consoles via a built-in proxy.[5][6]
History
Teleport began as an open-source library used by the Gravity project[7] to enable secure software deployments into restricted and regulated environments. Gravitational was a member of the 2015 Y Combinator cohort,[8] and Teleport was originally released in June 2016.[9]
Teleport was open sourced as a standalone tool by Gravitational Inc. in 2016.[10] It is currently deployed in production by Samsung, NASDAQ, IBM, Ticketmaster, Epic Games and others.[11][12] It has been publicly audited by technology security companies like Cure 53[13] and Doyensec.[14][15]
Teleport 3.0 was released in October 2018 and introduced Kubernetes integration.[16] Version 4.0 was released in 2019 and included support for IoT infrastructure and products.[17]
In December 2023, Teleport announced a change in the license of their source code from the previously used Apache 2.0 License to the AGPLv3 license.[18]
Teleport 18.0.0 and 18.1.0 were released in July 2025, introducing cross-system identity activity traceability, per-session multi-factor authentication for databases, and automated access request reviews. 18.1.0 introduced support for MCP servers and database access, allowing MCP clients like Claude Desktop to execute queries in protected databases.[19]
Teleport 18.2.0, released in September 2025, introduced AI-generated summaries for SSH, Kubernetes and database session logs.[20]
The open-source version of Teleport is known as Teleport Community and remains available for download on the company's GitHub. Gravitational Inc. also offers a commercial version of Teleport (Teleport Enterprise) for securing enterprise development environments.[2]
Teleport is used by more than 500 organizations globally, including three of the top five largest financial services firms and three of the top ten largest software companies in the world.[21]
Architecture
Teleport is written in the Go programming language and runs on UNIX-compatible operating systems, including Linux, macOS, and several BSD variants.[22] Teleport consists of two executables: tsh (command line client) and teleport (server daemon).
The teleport server daemon can run in the following modes:[23]
- Node: In this mode, the daemon provides SSH and Kubernetes access to the server it is running on.
- Proxy: In this mode, the daemon acts as an identity-aware proxy for all protocols supported by Teleport. Currently, this includes SSH, HTTPS, and the Kubernetes API.
- Auth Server: In this mode, the daemon acts as a certificate authority that all other daemons must authenticate with. The auth server issues certificates for users and for servers and stores the audit log.
Features
Teleport provides the following features, as detailed on GitHub:[2]
Access Proxy
The Teleport proxy provides SSH and HTTPS access to servers, applications, and Kubernetes clusters across multiple data centers, cloud providers, and edge devices. The proxy is identity-aware, and only allows certificate-based authentication by integrating with an identity provider such as Okta, GitHub, Microsoft Entra ID, Active Directory, and others.[2]
Audit and Session Recording
Teleport collects an audit trail of system events across all servers it is installed on and stores them in an audit log for compliance purposes. Auditable events include authentication attempts, file transfers, network connections, and file system changes made during an SSH session. The audit log can be stored on an encrypted file system or a cloud data store. Hardware security modules can also be used to encrypt session recordings prior to uploading them to storage.
Teleport records interactive user sessions for SSH and Kubernetes protocols and stores them in the audit log. Stored sessions can be replayed via a built-in session player. Teleport uses eBPF for low-latency, kernel-level session recording.[24]
AI Session Summaries, released in Teleport 18.2.0, allow administrators to generate and view session recording summaries during review of shell and database sessions.[20][25]
Just-in-Time (JIT) Access
Teleport users can request a one-time elevation of permissions to complete a privileged task. These elevated privileges are granted through certificates that expire automatically. Requests can be approved or denied via chat ops tools such as Slack, Mattermost, PagerDuty, Discord, or custom workflows via the Teleport API.
MCP and AI Access
Teleport places identity-aware policy enforcement between MCP clients and servers. This is used to ensure all tool invocations are authenticated, authorized, and auditable to protect proprietary systems or sensitive data sources from unauthorized access or security threats such as prompt injection.[26] Short-lived certificates ensure that bots and agents are not left unattended with API keys or access tokens.
Passwordless Authentication
Teleport uses identity-based cryptography to issue cryptographic identities to users, machines, workloads, devices, and protected resources involved in infrastructure access. These identities are tied to a biometric or comparable attribute, such as a Trusted Platform Module or secure enclave for Apple hardware. This provides passwordless access to resources like servers, databases, Kubernetes clusters, and internal web apps without usernames, passwords, private keys, or other exploitable secrets.[27]
Principle-of-Least-Privilege (PoLP)
Teleport is used to enforce the principle of least privilege uniformly across distributed and complex computing environments such as multicloud, hybrid cloud, containerized, or remote on-premises infrastructure. This also includes LLM, MCP, and AI agent infrastructure.[2]
Privileged Access Management (PAM)
Teleport provides privileged access management software features like secure remote access, unified access management, identity management, and access requests/approvals across multi-cloud, hybrid, Kubernetes, on-premises, and AI infrastructure.[28]
Teleport does not store, rotate, or distribute passwords, API keys, or DevOps secrets. Teleport also does not utilize password managers or credential vaults. Instead, privileged access is distributed securely with certificates configured to automatically expire.[27] This approach ensures issuance is dependent on the requesting human or non-human identity, rather than a password or key, thereby reducing or eliminating the risks of hard coded, shared, or forgotten credentials being compromised.
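The expiring-certificate model described under Architecture, Just-in-Time Access and Privileged Access Management can be illustrated with a short added example. It is not Teleport's code: it uses plain X.509 from Go's standard library as a stand-in, and the names `Issue`, `Accepted`, `example-ca` and `alice` are assumptions. A CA issues a one-hour client certificate that verifies now and is rejected after expiry with no revocation step.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue creates a key pair and a certificate for name, valid until now+ttl.
// A nil parent yields a self-signed CA; otherwise parent signs a client certificate.
func Issue(parent *x509.Certificate, parentKey *ecdsa.PrivateKey, name string, now time.Time, ttl time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl), // short validity window
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { // stand-in for the auth server's certificate authority
		tmpl.SerialNumber, tmpl.IsCA, tmpl.BasicConstraintsValid = big.NewInt(1), true, true
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Accepted reports whether cert chains to ca and is inside its validity window at the given time.
func Accepted(ca, cert *x509.Certificate, at time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func main() {
	now := time.Now()
	ca, caKey, _ := Issue(nil, nil, "example-ca", now, 24*time.Hour) // constructed sample identities
	cert, _, _ := Issue(ca, caKey, "alice", now, time.Hour)
	fmt.Println(Accepted(ca, cert, now), Accepted(ca, cert, now.Add(2*time.Hour))) // true false
}
```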
Servers running Teleport can be securely accessed remotely by clients regardless of their physical location, even when they are using a cellular connection.
Role-Based Access Control (RBAC)
Teleport applies role-based access control consistently across infrastructure and resources. This includes nested access lists for hierarchical role management, real-time notifications for access changes, and streamlined access reviews for audits.
Single Sign-On (SSO)
Teleport uses single sign-on (SSO) to provide a unified access plane where users can authenticate and centrally access cloud and on-premises infrastructure.
Web UI
Teleport offers a web-based client for configuration and accessing resources like databases, cloud consoles, Kubernetes clusters, web applications, and servers via SSH. The web UI also provides access to the audit log.
References
1. https://github.com/gravitational/teleport/releases/tag/v18.5.1
2. gravitational/teleport, Gravitational, 2020-04-02, retrieved 2020-04-04
3. "Teleport Reviews and Pricing - 2020". www.capterra.com. Retrieved 2020-04-05.
4. Raynovich, R. Scott (2025-02-25). "Teleport Expands Secure Identity Platform for Growth". www.futuriom.com. Retrieved 2026-01-01.
5. "Gravitational Draws Kubernetes Into Its Secure Credential Sphere". SDX Central. 5 October 2018.
6. Wiggers, Kyle (2022-05-03). "Teleport nabs $110M to provide identity-based infrastructure access". TechCrunch. Retrieved 2026-01-01.
7. "gravity/docs/4.x/manage.md at master · gravitational/gravity". GitHub. Retrieved 2024-06-05.
8. "Gravitational nabs $25M Series A to ease cloud deployment with Kubernetes". TechCrunch. 20 November 2019. Retrieved 2020-04-05.
9. "Show HN: Teleport – SSH for Clusters and Teams | Hacker News". news.ycombinator.com. Retrieved 2020-04-05.
10. "Teleport 1.0 Released". gravitational.com. Retrieved 2020-04-04.
11. Stewart, Ashley. "This ex-Rackspace director's startup Gravitational just raised $25 million to 'liberate' customers from Amazon Web Services and Microsoft". Business Insider. Retrieved 2020-04-04.
12. Gravitational (2019-04-03). "Gravitational Has Record Year with Doubled Revenue and Tripled Enterprise Customers". GlobeNewswire News Room (Press release). Retrieved 2020-04-05.
13. "Pentest-Report Teleport 2.6.0 05.2018" (PDF). Cure 53.
14. "Doyensec Gravitational Teleport Report Q22019 with retesting" (PDF). Doyensec.
15. "Doyensec Gravitational Gravity Report Q22019 with retesting" (PDF). Doyensec.
16. "Teleport 3.0 provides ITOps with method for managing privileged access to their infrastructure". ITOps Times. 2018-10-02. Retrieved 2020-04-04.
17. Fox, Brenda. "Gravitational Updates Its Open Source Management To Deliver IoT-Centric Security". www.idevnews.com. Retrieved 2020-04-04.
18. "Teleport OSS will relicense to AGPLv3". Retrieved 2024-03-26.
19. gravitational. "Release Teleport 18.1.0 · gravitational/teleport". GitHub. Retrieved 2026-01-01.
20. gravitational. "Release Teleport 18.2.0 · gravitational/teleport". GitHub. Retrieved 2026-01-01.
21. Salmon, Kaleah. "Teleport wins AWS award for securing high-growth infrastructure". SecurityBrief UK. Retrieved 2026-01-01.
22. "Package teleport". godoc.org. Retrieved 2020-04-05.
23. "CHANGELOG.md - gravitational/teleport - Sourcegraph". sourcegraph.com. Retrieved 2020-04-05.
24. "BPF in Teleport". GitHub.com. Retrieved 2025-04-17.
25. Simone, Stephanie (2025-09-25). "Teleport Identity Security Beefs Up Data Protection with AI Session Summaries". Database Trends and Applications. Retrieved 2026-01-01.
26. "Securing Model Context Protocol (MCP) with Teleport and AWS". nhimg.org. Retrieved 2026-01-01.
27. Keary, Tim (2022-07-27). "Teleport introduces passwordless authentication to access management". VentureBeat. Retrieved 2026-01-02.
28. "Deploying bulletproof PAM with Gravitational Teleport - Gcore". gcore.com. Retrieved 2026-01-01.