Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Backports #45229

The Teleport Policy docs are currently in two sections of `/admin-guides/access-controls` with overlapping subject areas. This change merges the two sections into a single subsection of `/admin-guides`.

To preserve the convention of moving all self-hosted guides into `/admin-guides/deploy-a-cluster`, this change also moves guides to self-hosting the Access Graph Service into `/admin-guides/deploy-a-cluster/access-graph`.

More specific changes:

- Add a subsection of the Policy section for integrations.
- Make the Policy section a top-level section within Admin Guides, since we add another directory, to keep the max sidebar depth at four.
- Move the contents of `/admin-guides/access-controls/access-graph` to the `/admin-guides/teleport-policy/integrations` directory, since all of the guides in `access-graph` had to do with integrations.
- Change the Teleport Policy Integrations page into a menu. The page overlaps with the instructions on the AWS integration, so repurpose the guide as an overview.
- Turn the Policy Get Started guide into a menu. The guide is a brief overview, so it functions well as the introduction to a menu page.
- Rename the usage guide so it appears first on the auto-generated sidebar section.
Showing 14 changed files with 110 additions and 33 deletions.
8 changes: 0 additions & 8 deletions
docs/pages/admin-guides/access-controls/access-graph/access-graph.mdx
This file was deleted.
10 changes: 0 additions & 10 deletions
docs/pages/admin-guides/access-controls/teleport-policy/teleport-policy.mdx
This file was deleted.
11 changes: 11 additions & 0 deletions
docs/pages/admin-guides/deploy-a-cluster/access-graph/access-graph.mdx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
title: "Self-Hosting Teleport Access Graph" | ||
description: Explains how to deploy Teleport Access Graph alongside a self-hosted Teleport cluster. | ||
--- | ||
|
||
If you run a self-hosted Teleport cluster, using Teleport Access Graph (part of | ||
Teleport Policy) requires running the Access Graph Service on your own | ||
infrastructure. The following guides show you how to deploy the Access Graph | ||
Service. | ||
|
||
(!toc!) |
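Review bot: The intro paragraph names only one requirement for self-hosted clusters ("requires running the Access Graph Service on your own infrastructure"), while the Admonition in teleport-policy.mdx in this same commit also requires an updated `license.pem` with Teleport Policy enabled. A reader who lands on this menu page first will miss the license step, so add a sentence stating it or a link back to the Teleport Policy page. Minor style point: `title` is quoted in this front matter and unquoted in the two other new pages; pick one form.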
File renamed without changes.
File renamed without changes.
54 changes: 54 additions & 0 deletions
docs/pages/admin-guides/teleport-policy/integrations/integrations.mdx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
--- | ||
title: Teleport Policy Integrations | ||
description: Integrations in Access Graph with Teleport Policy. | ||
--- | ||
|
||
Teleport can integrate with identity providers (IdPs) like Okta and AWS OIDC | ||
which can then be used with Access Graph, providing a comprehensive, | ||
interactive view of how users, roles, and resources are interconnected, | ||
enabling administrators to better understand and control access policies. | ||
|
||
Read the following guides for information on using Teleport Access Graph to | ||
visualize role-based access controls from third-party services: | ||
|
||
(!toc!) | ||
|
||
## Viewing available integrations | ||
|
||
The Integrations page shows integrations that can be enabled or are already | ||
enabled in Access Graph. | ||
|
||
![Integrations](../../../../img/access-graph/integrations.png) | ||
|
||
Resources imported into Teleport through Teleport-enabled integrations are | ||
automatically imported into Teleport Policy without any additional | ||
configuration. | ||
|
||
To access the interface, your user must have a role that allows `list` and `read` verbs on the `access_graph` resource, e.g.: | ||
|
||
```yaml | ||
kind: role | ||
version: v7 | ||
metadata: | ||
name: my-role | ||
spec: | ||
allow: | ||
rules: | ||
- resources: | ||
- access_graph | ||
verbs: | ||
- list | ||
- read | ||
``` | ||
The preset `editor` role has the required permissions by default. | ||
|
||
## Set up a new integration | ||
|
||
Visit the Teleport Web UI and click **Access Management** on the menu bar at the | ||
top of the screen. | ||
|
||
On the left sidebar, click **Access Graph**. Click the connection icon: | ||
![Connection view](../../../../img/access-graph/connection_view.png) | ||
Choose an application to integrate with. | ||
|
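Review bot: The sentence right after the YAML example, "The preset `editor` role has the required permissions by default.", reads as the easy path even though the example above it shows that `list` and `read` on `access_graph` are all a viewer needs. Suggest stating that a dedicated role like `my-role` is the preferred way to grant view access, and mentioning `editor` only as a side note for users who already hold it. That sentence also starts on the line directly after the closing code fence, so add a blank line between them. In "Set up a new integration", the `connection_view.png` image sits between two sentences of one paragraph; a numbered list of steps with the image on its own line would render more predictably. The line introducing the role example is also not wrapped like the rest of the file.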
31 changes: 31 additions & 0 deletions
docs/pages/admin-guides/teleport-policy/teleport-policy.mdx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
--- | ||
title: Teleport Policy | ||
description: A reference for Access Graph with Teleport Policy. | ||
--- | ||
|
||
Teleport Policy unifies management of access policies across your infrastructure. | ||
It hardens your access controls and visually shows up-to-date relationships and policies of all users, groups, and computing resources | ||
It can help you answer questions like: | ||
|
||
- What resources can a specific user access? | ||
- What users can access a specific resource? | ||
- What are the relationships between users, roles, and resources? | ||
|
||
## Getting started with Teleport Policy | ||
|
||
Teleport Policy is a separately licensed product and is available to Teleport Enterprise customers. | ||
Access Graph is a major capability of Teleport Policy that visually shows the relationships of | ||
policies of users, groups, and computing resources. | ||
|
||
After logging into the Teleport UI, go to the Management tab. If enabled, Teleport Policy’s Access Graph options | ||
can be found under the Permission Management section. | ||
|
||
<Admonition type="note"> | ||
Note: For managed Enterprise customers, Teleport Policy is enabled by default. | ||
If you are a self-hosted Teleport customer, you will need to [deploy the Access Graph Service](../deploy-a-cluster/access-graph/access-graph.mdx) and ensure you have an updated | ||
`license.pem` with Teleport Policy enabled to use it. | ||
</Admonition> | ||
|
||
## Teleport Policy guides | ||
|
||
(!toc!) |
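Review bot: The UI path in "Getting started with Teleport Policy" ("go to the Management tab", then "the Permission Management section") does not match the path given in integrations.mdx in this same commit ("click **Access Management** on the menu bar", then **Access Graph** on the left sidebar); one of the two is stale, and both pages should use the same wording. In the opening paragraph, the sentence ending "users, groups, and computing resources" has no terminal period before "It can help you answer questions like:". The `<Admonition type="note">` body begins with "Note:", which duplicates the label the component already renders. The `description` calls the page "A reference", while the commit message says the page is being turned into a menu; consider a description that matches. Lines in this file are not wrapped the way the other two new pages are.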