I don't have an opinion about Okta. We don't use Okta. I trust Google's security engineering more than I trust my own; in fact: the entire industry implicitly does.
Teleport isn't a hosted solution, or, at least, if it is, we're not using it. We're using an open-source codebase that gives us mandatory, phishing-proof MFA authentication for SSH sessions, access control tied to our source of truth about roles and access, and transcript-level audit logs.
I'd use something like Teleport even if SOC2 didn't exist. SOC2 does exist, so believe that I'm going to apply Teleport features that we already use for security-engineering reasons to every DRL item I can.