Create a project
- Open the Advanced Server Access dashboard.
- Click Projects.
- Click .
- Configure the project settings.
Setting User Action Project Name Enter a name to identify the project. Names may contain letters, numbers, dashes, underscores, or periods. Gateway Selectors Specify one or more gateway selectors, where each selector is a key-value pair (for example, environment:staging).
- Optional. Configure user management settings.
Setting User Action Require Preauthorization Select to force Advanced Server Access to only issue credentials to preauthorized users. See Create a preauthorization for a user. On Demand User TTL Select a duration to use on-demand provisioning for user accounts.
This forces Advanced Server Access to create a server account only when a user accesses a server. After a session ends, the server agent waits the specified duration and then removes the account.
Alternatively, you can select Disabled to provision accounts when a server is enrolled.
For details, see On-demand users.
- Optional. Configure traffic forwarding settings.
Setting User Action Enable traffic forwarding Select to forward all project traffic through the selected gateways. Record forwarded SSH sessions Select to enable session capture for servers enrolled in the project. See Session capture.
- Optional. Configure advanced project settings.
Setting User Action Certificate Signing Algorithm Select a public key signature algorithm for authentication keys.
By default, projects use the ssh-ed25519 algorithm, but admins can configure the project to use the ssh-rsa to support legacy servers.
Note: The ssh-rsa algorithm is generally considered insecure; Okta recommends using the ssh-ed25519 algorithm.
Manage Shared Users Select to force Advanced Server Access to provision two shared users on all servers enrolled in this project.
Users are granted credentials for the appropriate shared name when connecting to a server.
Manage Server Users Select to use Advanced Server Access to create and manage local user accounts on all servers enrolled in the project. Accounts are created for users in every group belonging to the project.
Note: Clear this option if you don't want the server agent to manage server accounts.
- Click Submit to create the project.