# Teleport Zero Trust Access Easy access to all your infrastructure, on a foundation of cryptographic identity and zero trust. [Authentication and session joining](https://goteleport.com/docs/zero-trust-access/authentication.md) [Get started with role-based access control (RBAC)](https://goteleport.com/docs/zero-trust-access/rbac-get-started.md) [Export audit events to a SIEM tool](https://goteleport.com/docs/zero-trust-access/export-audit-events.md) [Teleport Zero Trust Access](https://www.youtube.com/embed/Vf9W6EjENcg) ## Popular topics - ### [Sign in with your identity provider](https://goteleport.com/docs/zero-trust-access/sso.md) Log into infrastructure via your Single Sign-On (SSO) provider - [Okta](https://goteleport.com/docs/zero-trust-access/sso/integrate-idp/okta.md) - [GitHub](https://goteleport.com/docs/zero-trust-access/sso/integrate-idp/github-sso.md) - [Entra ID](https://goteleport.com/docs/zero-trust-access/sso/integrate-idp/entra-id-oidc.md) - [More IdPs](https://goteleport.com/docs/zero-trust-access/sso/integrate-idp.md) - ### [VNet: Build without VPNs](https://goteleport.com/docs/enroll-resources/application-access/vnet.md) Connect to internal, non-browser TCP and SSH resources without VPNs. Use familiar tools and workflows while eliminating exposure to public internet. - [Teleport VNet demo](https://youtu.be/OQ98VErAorM) - [VNet guide](https://goteleport.com/docs/connect-your-client/teleport-clients/vnet.md) - ### [Manage and track Teleport audit events](https://goteleport.com/docs/zero-trust-access/export-audit-events.md) Log granular audit events when users and services interact with your cluster. View audit events in Teleport or export them to a third-party tool. - [Elastic Stack](https://goteleport.com/docs/zero-trust-access/export-audit-events/elastic-stack.md) - [Panther](https://goteleport.com/docs/zero-trust-access/export-audit-events/panther.md) - [Datadog](https://goteleport.com/docs/zero-trust-access/export-audit-events/datadog.md) - [Splunk](https://goteleport.com/docs/zero-trust-access/export-audit-events/splunk.md) - ### [Self-host Teleport](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster.md) Run Teleport Enterprise in your own infrastructure, with guides covering high availability and multi-region clusters, securing key material with KMS or HSMs, and more. - [AWS KMS](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster/private-keys/aws-kms.md) - [Google Cloud KMS](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster/private-keys/gcp-kms.md) - [Helm chart](https://goteleport.com/docs/zero-trust-access/deploy-a-cluster/helm-deployments.md) - ### [Infrastructure as Code](https://goteleport.com/docs/zero-trust-access/infrastructure-as-code.md) Manage Teleport's Dynamic Resources using infrastructure as code tools, including Terraform, Helm and the Teleport tctl client tool. - [Terraform](https://goteleport.com/docs/zero-trust-access/infrastructure-as-code/terraform-provider.md) - [Kubernetes operator](https://goteleport.com/docs/zero-trust-access/infrastructure-as-code/teleport-operator.md) - ### [Security best practices](https://goteleport.com/docs/zero-trust-access/management/security.md) Run Teleport Enterprise in your own infrastructure, with guides covering high availability and multi-region clusters, secure CA keys with KMS or HSM, and more. - [Reducing the blast radius of attacks](https://goteleport.com/docs/zero-trust-access/management/security/reduce-blast-radius.md) - [Restricting access](https://goteleport.com/docs/zero-trust-access/management/security/restrict-privileges.md) - [Revoking access](https://goteleport.com/docs/zero-trust-access/management/security/revoking-access.md) ## Use cases - ### [Enroll and protect your infrastructure](https://goteleport.com/docs/enroll-resources.md) Apps, servers, databases, Kubernetes, desktops, and more - ### [VNet: Build without VPNs](https://goteleport.com/docs/enroll-resources/application-access/vnet.md) Secure app and SSH access with no VPNs or proxies - ### [Secure MCP](https://goteleport.com/docs/connect-your-client/model-context-protocol.md) Secure MCP integration with a granular audit trail - ### [Role-Based Access Control (RBAC)](https://goteleport.com/docs/zero-trust-access/rbac-get-started.md) Govern infrastructure access with granular permissions - ### [Passwordless authentication](https://goteleport.com/docs/zero-trust-access/authentication/passwordless.md) Log in securely using biometrics - ### [Device Trust](https://goteleport.com/docs/zero-trust-access/device-trust/guide.md) Enforce access only from trusted, registered devices - ### [Integrate with SSO providers](https://goteleport.com/docs/zero-trust-access/sso.md) Connect Okta, Entra ID, Google, and more - ### [Structured audit export](https://goteleport.com/docs/zero-trust-access/export-audit-events.md) Forward audit logs to SIEMs like Splunk and Datadog - ### [Identity-based audit events](https://goteleport.com/docs/reference/deployment/monitoring/audit.md) Detailed audit logs for every user action - ### [Session recording and playback](https://goteleport.com/docs/enroll-resources/desktop-access/reference/sessions.md) Record a detailed review of what took place - ### [Session sharing and moderation](https://goteleport.com/docs/zero-trust-access/authentication/joining-sessions.md) Require a moderator for privileged sessions - ### [Dual authorization capabilities](https://goteleport.com/docs/identity-governance/access-requests.md) Require approvals to perform critical actions - ### [Manage clusters with IaC](https://goteleport.com/docs/zero-trust-access/infrastructure-as-code.md) Create, update, and manage Teleport in declarative code. ## Enroll resources #### [Applications](https://goteleport.com/docs/enroll-resources/application-access.md) Protect web apps, TCP apps, and Cloud APIs #### [Linux servers](https://goteleport.com/docs/enroll-resources/server-access.md) Secure Linux servers and OpenSSH servers #### [Database access](https://goteleport.com/docs/enroll-resources/database-access.md) PostgreSQL, MongoDB, SQL Server, and more #### [Kubernetes clusters](https://goteleport.com/docs/enroll-resources/kubernetes-access.md) Kubernetes clusters and the apps running in them #### [Windows desktops](https://goteleport.com/docs/enroll-resources/desktop-access.md) With or without Active Directory #### [Auto-discovery of resources](https://goteleport.com/docs/enroll-resources/auto-discovery.md) SSH servers, databases, Kubernetes clusters and apps #### [Cloud providers](https://goteleport.com/docs/enroll-resources/application-access/cloud-apis.md) AWS, Azure, and Google Cloud consoles and CLI #### [MCP and AI agents](https://goteleport.com/docs/enroll-resources/mcp-access.md) Secure agentic AI connections to databases and MCP servers