Teleport
How to Choose a Teleport Edition
Version preview- Older Versions
The fully-featured edition of Teleport is called Teleport Enterprise.
For most users, we recommend signing up for a cloud-hosted Teleport Enterprise account. Our team at Teleport manages the Teleport Auth Service and Proxy Service, giving you a running Teleport cluster where you can configure RBAC, set up Single Sign-On connectors, and register resources by deploying additional Teleport services.
Read more about Teleport Enterprise (cloud-hosted).
Self-hosting Teleport Enterprise
For organizations with specific security needs, it is also possible to run a self-hosted Teleport Enterprise cluster. Self-hosting Teleport Enterprise allows you to set up advanced features like Hardware Security Modules and FedRAMP compliance.
Read more about self-hosting Teleport Enterprise.
Migrating Teleport Enterprise clusters to the cloud
We recommend using the cloud-hosted edition of Teleport Enterprise for most organizations, as it removes the overhead of maintaining, scaling, and securing a deployment of the Auth Service and Proxy Service. To migrate from a self-hosted Teleport Enterprise deployment to a cloud-hosted deployment, follow the migration guide.
Teleport Community Edition
For hobby and personal use, we provide a free, open source distribution of Teleport that enables you to get secure access to databases, Windows desktops, Kubernetes clusters, and more.
Try out Teleport on a Linux server. If you would like to take a look at the source, visit the Teleport GitHub repository.
Comparing editions
Access Controls
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| Dual Authorization | ✖ | ✔ | ✔ |
| Hardware Key Support | ✖ | ✔ | ✔ |
| Moderated Sessions | ✖ | ✔ | ✔ |
| Role-Based Access Control | ✔ | ✔ | ✔ |
| Single Sign-On | GitHub | GitHub, Google Workspace, OIDC, SAML, Teleport | GitHub, Google Workspace, OIDC, SAML, Teleport |
Audit logging and session recording
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| Enhanced Session Recording | ✔ | ✔ | ✔ |
| Recording Proxy Mode | ✔ | ✔ | ✖ |
| Session Recording with Playback | ✔ | ✔ | ✔ |
| Structured Audit Logs | ✔ | ✔ | ✔ |
Compliance
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| FedRAMP Control | ✖ | ✔ | ✖ |
| FIPS-compliant binaries available for FedRAMP High | ✖ | ✔ | ✖ |
| IP-Based Restrictions | ✖ | ✔ | ✔ |
| PCI DSS Features | Limited | ✔ | ✔ |
| SOC 2 Features | Limited | ✔ | ✔ |
Identity
Available as an add-on to Teleport Enterprise
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| Access Monitoring & Response | ✖ | ✔ | ✔ |
| Access Lists & Access Reviews | ✖ | ✔ | ✔ |
| Device Trust | ✖ | ✔ | ✔ |
| Endpoint Management: Jamf | ✖ | ✔ | ✔ |
| JIT Access Requests | Limited | ✔ | ✔ |
| Session & Identity Locks | ✖ | ✔ | ✔ |
Infrastructure access
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| Agentless Integration with OpenSSH Servers | ✔ | ✔ | ✔ |
| Application Access | ✔ | ✔ | ✔ |
| Database Access | ✔ | ✔ | ✔ |
| Desktop Access | ✔ | ✔ | ✔ |
| Kubernetes Access | ✔ | ✔ | ✔ |
| Machine ID | ✔ | ✔ | ✔ |
| Server Access | ✔ | ✔ | ✔ |
Licensing and usage management
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| Annual or multi-year contracts, volume discounts | ✖ | ✔ | ✔ |
| Anonymized Usage Tracking | Opt-in | ✔ | ✔ |
| License | Apache 2 | Commercial | Commercial |
Operations
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| Auth Service and Proxy Service Management | Self-hosted | Self-hosted | Fully managed |
| Backend support | Any S3-compatible storage for session records, many managed backends for custom audit log storage. | Any S3-compatible storage for session records, many managed backends for custom audit log storage | All data is stored in DynamoDB and S3 with server-side encryption. |
| Data storage location | Can store data anywhere in the world, on most managed cloud backends | Can store data anywhere in the world, on most managed cloud backends | Data is stored in Teleport's AWS infrastructure with audit logs/sessions optionally in customer AWS accounts. Proxy Service instances are deployed across the world for low-latency access. |
| Hardware Security Module support for encryption at rest | ✖ | ✔ | ✖ |
| Proxy Service domain name | Custom | Custom | A subdomain of teleport.sh |
| Version support | All supported releases available to install and download. | All supported releases available to install and download. | Deploys last stable release with 2-3 week lag for stability. |
Support
| Community Edition | Enterprise | Cloud | |
|---|---|---|---|
| Support | Community | 24x7 support with premium SLAs and account managers | 24x7 support with premium SLAs and account managers |