Create a project

  1. Open the Advanced Server Access dashboard.
  2. Click Projects.
  3. Click Create Project.
  4. Configure the project settings.
    SettingUser Action
    Project Name Enter a name to identify the project. Names may contain letters, numbers, dashes, underscores, or periods.
    Gateway Selectors Specify one or more gateway selectors, where each selector is a key-value pair (for example, environment:staging).
  5. Optional. Configure user management settings.
    SettingUser Action
    Require PreauthorizationSelect to force Advanced Server Access to only issue credentials to preauthorized users. See Create a preauthorization for a user.
    On Demand User TTLSelect a duration to use on-demand provisioning for user accounts.

    This forces Advanced Server Access to create a server account only when a user accesses a server. After a session ends, the server agent waits the specified duration and then removes the account.

    Alternatively, you can select Disabled to provision accounts when a server is enrolled.

    For details, see On-demand users.

  6. Optional. Configure traffic forwarding settings.
    SettingUser Action
    Enable traffic forwarding Select to forward all project traffic through the selected gateways.
    Record forwarded SSH sessions Select to enable session capture for servers enrolled in the project. See Session capture.
  7. Optional. Configure advanced project settings.
    SettingUser Action
    Certificate Signing AlgorithmSelect a public key signature algorithm for authentication keys.

    By default, projects use the ssh-ed25519 algorithm, but admins can configure the project to use the ssh-rsa to support legacy servers.

    Note: The ssh-rsa algorithm is generally considered insecure; Okta recommends using the ssh-ed25519 algorithm.

    Manage Shared UsersSelect to force Advanced Server Access to provision two shared users on all servers enrolled in this project.

    Users are granted credentials for the appropriate shared name when connecting to a server.

    Manage Server UsersSelect to use Advanced Server Access to create and manage local user accounts on all servers enrolled in the project. Accounts are created for users in every group belonging to the project.

    Note: Clear this option if you don't want the server agent to manage server accounts.

  8. Click Submit to create the project.

Related topics

Add a group to a project

Create a preauthorization for a user

User management

On demand users