Set up Teleport connector
Why does this connector look different from most others? Unlike most of the software ConductorOne integrates with, Teleport doesn’t expose APIs that can be used to connect the two systems. Additionally, Teleport data can only be gathered from unlocked vaults, which means that a user must unlock the vault and manually kick off the data collection process; a periodic automated data pull won’t work.
To work around these issues, ConductorOne’s Teleport Baton connector uses the Teleport CLI to interact with your vaults. Once the CLI is set up,
baton-1passworduses it to interact with your Teleport vaults. The connector will capture user and entitlement data in a file that you upload to ConductorOne.
Capabilities
| Resource | Sync | Provision |
|---|---|---|
| Accounts | ✅ | |
| Groups | ✅ | ✅ |
| Vaults | ✅ |
Available hosting methods
Choose the hosting method that best suits your needs:
| Method | Availability | Notes |
|---|---|---|
| Cloud hosted | A built-in, no-code connector hosted by ConductorOne. | |
| Self-hosted | ✅ | The Teleport connector, hosted and run in your own environment. |
Integrate your Teleport instance
This connector requires use of Teleport 8 on a Families, Teams, Business, or Enterprise plan. Before you begin, make sure you have a vault set up.
Step 1: Set up the Teleport CLI and locate your sign-in address
Install the Teleport CLI and make sure it is upgraded to the current version.
Locate your Teleport sign-in address by following the instructions in the Teleport docs. We’ll use this address in Step 2.
Step 2: Install baton-1password and generate a .c1z file
Run the brew or source commands shown below to install
baton-1password, substituting the sign-in address you looked up in Step 1 formyaddress.1password.com.brew
brew install conductorone/baton/baton conductorone/baton/baton-1password baton-1password baton resourcessource
go install github.com/conductorone/baton/cmd/baton@main go install github.com/conductorone/baton-1password/cmd/baton-1password@main BATON_ADDRESS=myaddress.1password.com baton-1password baton resources
Each installation method includes a baton-1password command. This command runs the sync on the connector and stores the gathered data in a sync.c1z file. In the next step, you’ll upload this file to ConductorOne.
Step 3: Upload Teleport data to ConductorOne
This task requires the Connector Administrator or Super Administrator role in ConductorOne.
In ConductorOne, navigate to an existing application you wish to add the connector data to, or create a new application.
To create a new application, follow the steps in Create custom applications.
To use an existing application, click Applications. On the Managed apps tab, select the application’s name from the list.
On the application’s page, scroll down to the Connectors area of the page.
Click Import app data and select From file.
Click Choose file and select the
sync.c1zfile generated in Step 2.
Once the upload is complete, ConductorOne adds the information pulled from the connector about accounts, groups, roles, resources, and grants (as relevant) to the application.
To update information in ConductorOne: Re-run the
baton-1passwordcommand, generate a newsync.c1zfile, and re-upload the file to ConductorOne using the process above.