Teleport
How to Choose a Teleport Edition
Version preview- Older Versions
The fully-featured edition of Teleport is called Teleport Enterprise.
For most users, we recommend signing up for a cloud-hosted Teleport Enterprise account. Our team at Teleport manages the Teleport Auth Service and Proxy Service, giving you a running Teleport cluster where you can configure RBAC, set up Single Sign-On connectors, and register resources by deploying additional Teleport services.
Read more about Teleport Enterprise (cloud-hosted).
Self-hosting Teleport Enterprise
For organizations with specific security needs, it is also possible to run a self-hosted Teleport Enterprise cluster. Self-hosting Teleport Enterprise allows you to set up advanced features like Hardware Security Modules and FedRAMP compliance.
Read more about self-hosting Teleport Enterprise.
Migrating Teleport Enterprise clusters to the cloud
We recommend using the cloud-hosted edition of Teleport Enterprise for most organizations, as it removes the overhead of maintaining, scaling, and securing a deployment of the Auth Service and Proxy Service. To migrate from a self-hosted Teleport Enterprise deployment to a cloud-hosted deployment, follow the migration guide.
Teleport Community Edition
For hobby and personal use, we provide a free, open source distribution of Teleport that enables you to get secure access to databases, Windows desktops, Kubernetes clusters, and more.
Try out Teleport on a Linux server. If you would like to take a look at the source, visit the Teleport GitHub repository.
Comparing editions
Access Controls
Community Edition | Enterprise | Cloud | |
---|---|---|---|
Dual Authorization | ✖ | ✔ | ✔ |
Hardware Key Support | ✖ | ✔ | ✔ |
Moderated Sessions | ✖ | ✔ | ✔ |
Role-Based Access Control | ✔ | ✔ | ✔ |
Single Sign-On | GitHub | GitHub, Google Workspace, OIDC, SAML, Teleport | GitHub, Google Workspace, OIDC, SAML, Teleport |
Audit logging and session recording
Community Edition | Enterprise | Cloud | |
---|---|---|---|
Enhanced Session Recording | ✔ | ✔ | ✔ |
Recording Proxy Mode | ✔ | ✔ | ✖ |
Session Recording with Playback | ✔ | ✔ | ✔ |
Structured Audit Logs | ✔ | ✔ | ✔ |
Compliance
Community Edition | Enterprise | Cloud | |
---|---|---|---|
FedRAMP Control | ✖ | ✔ | ✖ |
FIPS-compliant binaries available for FedRAMP High | ✖ | ✔ | ✖ |
IP-Based Restrictions | ✖ | ✔ | ✔ |
PCI DSS Features | Limited | ✔ | ✔ |
SOC 2 Features | Limited | ✔ | ✔ |
Identity
Available as an add-on to Teleport Enterprise
Community Edition | Enterprise | Cloud | |
---|---|---|---|
Access Monitoring & Response | ✖ | ✔ | ✔ |
Access Lists & Access Reviews | ✖ | ✔ | ✔ |
Device Trust | ✖ | ✔ | ✔ |
Endpoint Management: Jamf | ✖ | ✔ | ✔ |
JIT Access Requests | Limited | ✔ | ✔ |
Session & Identity Locks | ✖ | ✔ | ✔ |
Infrastructure access
Community Edition | Enterprise | Cloud | |
---|---|---|---|
Agentless Integration with OpenSSH Servers | ✔ | ✔ | ✔ |
Application Access | ✔ | ✔ | ✔ |
Database Access | ✔ | ✔ | ✔ |
Desktop Access | ✔ | ✔ | ✔ |
Kubernetes Access | ✔ | ✔ | ✔ |
Machine ID | ✔ | ✔ | ✔ |
Server Access | ✔ | ✔ | ✔ |
Licensing and usage management
Community Edition | Enterprise | Cloud | |
---|---|---|---|
Annual or multi-year contracts, volume discounts | ✖ | ✔ | ✔ |
Anonymized Usage Tracking | Opt-in | ✔ | ✔ |
License | Apache 2 | Commercial | Commercial |
Operations
Community Edition | Enterprise | Cloud | |
---|---|---|---|
Auth Service and Proxy Service Management | Self-hosted | Self-hosted | Fully managed |
Backend support | Any S3-compatible storage for session records, many managed backends for custom audit log storage. | Any S3-compatible storage for session records, many managed backends for custom audit log storage | All data is stored in DynamoDB and S3 with server-side encryption. |
Data storage location | Can store data anywhere in the world, on most managed cloud backends | Can store data anywhere in the world, on most managed cloud backends | Data is stored in Teleport's AWS infrastructure with audit logs/sessions optionally in customer AWS accounts. Proxy Service instances are deployed across the world for low-latency access. |
Hardware Security Module support for encryption at rest | ✖ | ✔ | ✖ |
Proxy Service domain name | Custom | Custom | A subdomain of teleport.sh |
Version support | All supported releases available to install and download. | All supported releases available to install and download. | Deploys last stable release with 2-3 week lag for stability. |
Support
Community Edition | Enterprise | Cloud | |
---|---|---|---|
Support | Community | 24x7 support with premium SLAs and account managers | 24x7 support with premium SLAs and account managers |