# Teleport Agentic Identity Framework Design and reference implementation for the secure deployment of agents on infrastructure. Use cases and solutions with built-in security invariants, observability, and governance. Integrate security into agentic systems from the initial design phase. ![Teleport Agentic Identity Framework](/docs/assets/images/agentic-ai-hero-4490ee36e7102b7acd6236e7abebc365.png) ### Deploy agents safely across infrastructure - Give each agent a strong identity, from ephemeral to long-standing workloads - Enforce least-privileged access to services, databases, and infrastructure - Maintain audit trails for agent actions ### Govern MCP-based access - Secure agent calls to tools via MCP proxy with authorization and visibility - Discover and track MCP servers to reduce drift and shadow deployments - Standardize how teams publish and consume MCP endpoints ### Control and observe LLM usage - Enforce rate limits, budgets, and model routing - Apply “guardrails” with prompt/response tracking - Quantify usage and cost by team ### Detect shadow agents and misbehavior - Discover unmanaged agents and MCP servers - Detect compromised or policy-violating agents - Improve incident response with centralized visibility ### Operationalize agent workflows in production - Orchestrate agents on Kubernetes and Temporal with repeatable patterns - Use retries/limits/cascading tasks to reduce fragility - Improve debugging and developer experience for agent deployments ## Agentic Identity You can use Teleport to issue and manage cryptographic identities for agents, including delegated identities and identities for long-running agents across all of your infrastructure. Started ### Digital Twins Agents operate on behalf of principals while preserving approval/authorization workflows. --- - [Delegation Flows](https://github.com/gravitational/teleport/blob/master/rfd/0238-delegating-access-to-ai-workloads.md) - [Session Management](https://github.com/gravitational/teleport/blob/master/rfd/0238-delegating-access-to-ai-workloads.md#starting-a-session-from-tsh) - [Access Control](https://github.com/gravitational/teleport/blob/master/rfd/0238-delegating-access-to-ai-workloads.md#access-controls) In-progress ### Identity for long-running agents Identity for long-running agents without shared secrets, with attestation and revocation. --- - [Issuing Identity](https://goteleport.com/docs/machine-workload-identity/workload-identity/introduction.md) - [Attestation](https://goteleport.com/docs/reference/machine-workload-identity/workload-identity/workload-identity-api-and-workload-attestation.md) - [Revocation](https://goteleport.com/docs/reference/machine-workload-identity/workload-identity/revocations.md) In-progress ### Identity for LLM apps Building LLM applications accessing external resources. --- - [JWT MCP Authentication](https://goteleport.com/docs/enroll-resources/mcp-access/jwt.md) - Identity provider integration ## Agentic Access You can use Teleport to manage authorization to infrastructure, services, and data with discovery of MCP servers and LLM controls, including rate limiting, load balancing, budgets, prompt/response tracking, and guardrails. In-progress ### MCP Access Access and audit agent calls to databases, services, and infrastructure using MCP. --- - [MCP Servers](https://goteleport.com/docs/connect-your-client/model-context-protocol/mcp-access.md) - [Databases](https://goteleport.com/docs/connect-your-client/model-context-protocol/database-access.md) - [Kubernetes Clusters](https://goteleport.com/docs/connect-your-client/model-context-protocol/kube-access.md) In-progress ### MCP Catalog Discover MCP servers across infrastructure, track drift over time, and reduce unmanaged endpoints. --- - [Dynamic Registration](https://goteleport.com/docs/enroll-resources/mcp-access/dynamic-registration.md) - [Access Control](https://goteleport.com/docs/enroll-resources/mcp-access/rbac.md) - Tracking Changes and Provenance Not started ### LLM Access Control and observe LLM usage across teams with rate limiting, budgeting, model routing, and prompt/response tracking. --- - Guardrails - Rate limiting - Budgeting - Multiplexing ## Agentic Security Teleport provides discovery, detection, and analytics for AI agents and MCP servers to reduce shadow deployments and context poisoning attacks. In-progress ### Visibility & Discovery Continuous discovery, detection, and policy violation insights for agents and MCP endpoints. --- - [Exploring Access Paths and Activity](https://goteleport.com/docs/identity-security/usage.md) - Discovery In-progress ### Audit & Security Comprehensive audit trails and behavior analysis for agent actions across infrastructure. --- - [Session Recording and Audit](https://goteleport.com/docs/reference/audit-events.md#mcpsessionend) - Behavior analysis ## Scheduling & Orchestration Integrations and SDKs for modern agentic orchestration tools enable secure identities for agentic workflows accessing resources like databases and git repositories, as well as file sharing and developer tooling. Not started ### Data Sharing Mechanisms for securely passing data between agents, tasks, and workflows. Not started ### Workflows Multi-step agent workflows with retries, limits, and reusable execution patterns. Not started ### Developer Experience Primitives and tooling - including loops, retries, limits, and debugging - to build and operate agent systems reliably. We're building the future of Agentic AI. [Join us](https://goteleport.com/community/) and collaborate on what's next. ### Cloud providers #### Bare Metal #### Google Cloud #### AWS #### Microsoft Azure ## Integrations ### Snowflake ### gRPC ### Grafana ### PostgreSQL ### SSH ### Ubuntu ### MongoDB ### Kubernetes ### Jenkins ### Jupyterhub ### Redis ### Elasticsearch