Create a project

Open the Advanced Server Access dashboard.
Click Projects.
Click Create Project.

Configure the project settings.

Setting	User Action
Project Name	Enter a name to identify the project. Names may contain letters, numbers, dashes, underscores, or periods.
Gateway Selectors	Specify one or more gateway selectors, where each selector is a key-value pair (for example, environment:staging).

Optional. Configure user management settings.

Setting	User Action
Require Preauthorization	Select to force Advanced Server Access to only issue credentials to preauthorized users. See Create a preauthorization for a user.
On Demand User TTL	Select a duration to use on-demand provisioning for user accounts. This forces Advanced Server Access to create a server account only when a user accesses a server. After a session ends, the server agent waits the specified duration and then removes the account. Alternatively, you can select Disabled to provision accounts when a server is enrolled. For details, see On-demand users.

Setting

User Action

Require Preauthorization

Select to force Advanced Server Access to only issue credentials to preauthorized users. See Create a preauthorization for a user.

On Demand User TTL

Select a duration to use on-demand provisioning for user accounts.

This forces Advanced Server Access to create a server account only when a user accesses a server. After a session ends, the server agent waits the specified duration and then removes the account.

Alternatively, you can select Disabled to provision accounts when a server is enrolled.

For details, see On-demand users.

Optional. Configure traffic forwarding settings.

Setting	User Action
Enable traffic forwarding	Select to forward all project traffic through the selected gateways.
Record forwarded SSH sessions	Select to enable session capture for servers enrolled in the project. See Session capture.

Optional. Configure advanced project settings.

Setting	User Action
Certificate Signing Algorithm	Select a public key signature algorithm for authentication keys. By default, projects use the ssh-ed25519 algorithm, but admins can configure the project to use the ssh-rsa to support legacy servers. Note: The ssh-rsa algorithm is generally considered insecure; Okta recommends using the ssh-ed25519 algorithm.
Manage Shared Users	Select to force Advanced Server Access to provision two shared users on all servers enrolled in this project. Users are granted credentials for the appropriate shared name when connecting to a server.
Manage Server Users	Select to use Advanced Server Access to create and manage local user accounts on all servers enrolled in the project. Accounts are created for users in every group belonging to the project. Note: Clear this option if you don't want the server agent to manage server accounts.

Setting

User Action

Certificate Signing Algorithm

Select a public key signature algorithm for authentication keys.

By default, projects use the ssh-ed25519 algorithm, but admins can configure the project to use the ssh-rsa to support legacy servers.

Note: The ssh-rsa algorithm is generally considered insecure; Okta recommends using the ssh-ed25519 algorithm.

Manage Shared Users

Select to force Advanced Server Access to provision two shared users on all servers enrolled in this project.

Users are granted credentials for the appropriate shared name when connecting to a server.

Manage Server Users

Select to use Advanced Server Access to create and manage local user accounts on all servers enrolled in the project. Accounts are created for users in every group belonging to the project.

Note: Clear this option if you don't want the server agent to manage server accounts.

Click Submit to create the project.

Create a project

Related topics