Server Enrollment

To allow access to a server, teams must install the Advanced Server Access server agent, and enroll the server agent into a specific project. If a team uses the default configuration, the Advanced Server Access server agent manages user accounts and groups on the server and allows users to open SSH or RDP connections through the Advanced Server Access client.

If a local server account enrolled in Advanced Server Access shares the same user ID as a regular user, the server account will be removed when the user disconnects from the server.

Enrolling an existing server in a new project may cause users or groups added by original project to become inaccessible using Advanced Server Access. These accounts and groups aren't removed from the server but become orphaned and unmanaged.

Enrollment methods

Teams can enroll servers using the following methods:

  • Automatic enrollment: This method requires teams to configure a project to gather discover and enroll servers using metadata gathered from a cloud service provider. Automatic enrollment is enabled by default. See Cloud servers.
  • Token enrollment: This method requires teams to generate a token and add it to a token file stored on the server. Automatic enrollment takes precedence over enrollment tokens. To permit token enrollment, teams may need to set the AutoEnroll: false option in the server agent configuration file. See Create a server enrollment token.

Related topics