Smallstep

Smallstep SSH delivers an end-to-end workflow that marries modern identity providers (OKTA, Azure AD, ...) with short-lived SSH certificates. Users sign in to your identity provider via OAuth and are issued an SSH certificate for the day. It's stored in memory, and they use it to SSH to your hosts as usual. We remove the need to gather, ship, and rotate SSH public keys for all your users and hosts. Because we sync with your identity provider, all server access is immediately revoked when users are removed from your identity provider. Automate access and extend single sign-on to SSH to make SSH keys ephemeral with Smallstep.