Add examples to authentication.

Fix documentation that lacks concrete examples of how to set up
authentication preferences.
Sasha Klizhentas 2017-12-01 09:30:34 -08:00
parent ced54aaeeb
commit 2fd373ee64

@ -337,23 +337,52 @@ proxy_service:
Teleport uses the concept of "authentication connectors" to authenticate users when
they execute `tsh login` command. There are three types of authentication connectors:
* **local** is used to authenticate against a local Teleport user database. This database
is managed by `tctl users` command. Teleport also supports second factor authentication
(2FA) for the local connector. There are two types of 2FA:
* [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
is the default. You can use [Google Authenticator](https://en.wikipedia.org/wiki/Google_Authenticator) or
[Authy](https://www.authy.com/) or any other TOTP client.
* [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) is the second.
**Local**
* **saml** connector type implements SAML authentication. It can be configured
against any external identity manager like Okta or Auth0. This feature is
only available for Teleport Enterprise.
* **oidc** connector type implements OpenID Connect (OIDC) authentication, which
is similar to SAML in principle. This feature is only available for Teleport
Enterprise.
Local authentication is used to authenticate against a local Teleport user database. This database
is managed by `tctl users` command. Teleport also supports second factor authentication
(2FA) for the local connector. There are two types of 2FA:
* [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
is the default. You can use [Google Authenticator](https://en.wikipedia.org/wiki/Google_Authenticator) or
[Authy](https://www.authy.com/) or any other TOTP client.
* [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) is the second.
Here is an example of this setting in the `teleport.yaml`:
```yaml
auth_service:
authentication:
type: local
second_factor: u2f
```
**SAML**
This connector type implements SAML authentication. It can be configured
against any external identity manager like Okta or Auth0. This feature is
only available for Teleport Enterprise.
Here is an example of this setting in the `teleport.yaml`:
```yaml
auth_service:
authentication:
type: saml
```
**OIDC**
Teleport implements OpenID Connect (OIDC) authentication, which
is similar to SAML in principle. This feature is only available for Teleport Enterprise.
Here is an example of this setting in the `teleport.yaml`:
```yaml
auth_service:
authentication:
type: oidc
```
The authentication connector type is configured via `auth/authentication/type`
setting in the `teleport.yaml` above.
## FIDO U2F
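Review bot: The closing sentence names the setting as `auth/authentication/type`, but all three added examples put it under `auth_service:`, so a reader following the sentence rather than the YAML could nest the key under the wrong section; suggest writing it as `auth_service/authentication/type`. In the Local example, the text states that TOTP is the default, yet the snippet sets `second_factor: u2f` without comment; either show the default or add a sentence saying this example selects U2F and pointing to the FIDO U2F section that follows. The SAML and OIDC examples show only the `type:` line, while the prose says the connector "can be configured against any external identity manager"; a pointer to where the connector itself is defined would keep readers from assuming that setting `type: saml` or `type: oidc` alone is sufficient.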