

As I start a new session, it will require me to tap my YubiKey. These policies can be enforced by the OPS team without having to get buy-in from IT.


By using a hardware token, theft of credentials becomes much harder. Many IDPs let teams set up best practices for securing accounts such as requiring a second factor, but sometimes that's not enough.

Ben: Teleport 6.1 lets you add another layer of protection by requiring users to present a hardware token when starting a new SSH or Kubernetes session. Creating rules such as engineers can only obtain a four-hour certificate for access vs. As new team members join, they can be added to external groups, and these can be easily mapped to Teleport roles. Teleport uses identity providers such as Google Workspaces, Active Directory, or your own SAML or RODC provider combined with Teleport roles to provide fine-grained access. This video introduces Teleport's additional second-factor authentication.

Ben: Introducing Teleport's additional second-factor authentication.
