Teleport Feature Matrix
The Teleport feature matrix lists capabilities of the Teleport Infrastructure Identity Platform, organized by product.
Teleport Zero Trust Access
| Teleport Enterprise (Cloud) | Teleport Enterprise (Self-Hosted) | Teleport Community Edition | |
|---|---|---|---|
| Agentless Integration with OpenSSH Servers | ✔ | ✔ | ✔ |
| Dual Authorization | ✔ | ✔ | ✖ |
| Enhanced Session Recording | ✔ | ✔ | ✔ |
| FedRAMP Control | ✖ | ✔ | ✖ |
| FIPS-compliant binaries available for FedRAMP High | ✖ | ✔ | ✖ |
| IP-Based Restrictions | ✔ | ✔ | ✖ |
| Moderated Sessions | ✔ | ✔ | ✖ |
| PCI DSS Features | ✔ | ✔ | Limited |
| Protecting Applications | ✔ | ✔ | ✔ |
| Protecting Databases | ✔ | ✔ | ✔ |
| Protecting Kubernetes Clusters | ✔ | ✔ | ✔ |
| Protecting Linux Servers | ✔ | ✔ | ✔ |
| Protecting Windows Desktops | ✔ | ✔ | ✔ |
| Recording Proxy Mode | ✖ | ✔ | ✔ |
| Role-Based Access Control | ✔ | ✔ | ✔ |
| Session Recording with Playback | ✔ | ✔ | ✔ |
| Single Sign-On | GitHub, Google Workspace, OIDC, SAML, Teleport | GitHub, Google Workspace, OIDC, SAML, Teleport | GitHub |
| SOC 2 Features | ✔ | ✔ | Limited |
| Structured Audit Logs | ✔ | ✔ | ✔ |
Teleport Identity Governance
Teleport Machine & Workload Identity
| Teleport Enterprise (Cloud) | Teleport Enterprise (Self-Hosted) | Teleport Community Edition | |
|---|---|---|---|
| Machine Access | ✔ | ✔ | ✔ |
| Flexible Workload Identities | ✔ | ✔ | ✔ |
Teleport Identity Security
| Teleport Enterprise (Cloud) | Teleport Enterprise (Self-Hosted) | Teleport Community Edition | |
|---|---|---|---|
| Identity Security | ✔ | ✔ | ✖ |
| Crown Jewel Monitoring | ✔ | ✔ | ✖ |
| SSH Key Scanning | ✔ | ✔ | ✖ |
Management and licensing
| Teleport Enterprise (Cloud) | Teleport Enterprise (Self-Hosted) | Teleport Community Edition | |
|---|---|---|---|
| Annual or multi-year contracts, volume discounts | ✔ | ✔ | ✖ |
| Anonymized Usage Tracking | ✔ | ✔ | Opt-in |
| Auth Service and Proxy Service Management | Fully managed | Self-hosted | Self-hosted |
| Backend support | All data is stored in DynamoDB and S3 with server-side encryption. | Any S3-compatible storage for session records, many managed backends for custom audit log storage | Any S3-compatible storage for session records, many managed backends for custom audit log storage. |
| Data storage location | Data is stored in Teleport's AWS infrastructure with audit logs/sessions optionally in customer AWS accounts. Proxy Service instances are deployed across the world for low-latency access. | Can store data anywhere in the world, on most managed cloud backends | Can store data anywhere in the world, on most managed cloud backends |
| License | Commercial | Commercial | Commercial |
| Proxy Service domain name | A subdomain of teleport.sh | Custom | Custom |
| Support | 24x7 support with premium SLAs and account managers | 24x7 support with premium SLAs and account managers | Community |
| Version support | Deploys last stable release with 2-3 week lag for stability. | All supported releases available to install and download. | All supported releases available to install and download. |
Teleport editions
Teleport includes two editions:
- Teleport Community Edition: An open source offering intended for demos and small teams.
- Teleport Enterprise: A fully-featured commercial offering.
Teleport Enterprise offers two deployment options:
- Cloud: The Teleport team manages the Teleport Auth Service and Teleport Proxy Service on the Teleport Cloud infrastructure.
- Self-Hosted: Teleport users deploy the Teleport Auth Service and Teleport Proxy Service on their own infrastructure.
Teleport Enterprise includes add-on products that provide a more complete infrastructure identity solution, which this guide explains in more detail below.