On-demand users

Normally, Advanced Server Access creates user accounts when a server is enrolled or a new user is added to a project. Configuring on-demand users for a project forces Advanced Server Access to only create an account when a user attempts to access a server. While the account is active, on-demand users hold the same level of access and permissions as all other users. After a session ends, the Advanced Server Access server agent waits the specified duration and then removes the account.

You can configure on-demand users for a project at any time by configuring the On Demand User TTL (Time to Live) setting. See Create a project.

If you enable on-demand users, you must make the server accessible through port 4421 of the previous network hop. For connections through a bastion or gateway, the server must be accessible from port 4421 of the bastion or gateway. For direct connections, the server must be accessible from port 4421 on the client. For more information, see Access Broker Options.

Related topics

Manage groups and projects