Advanced Server Access user and group attributes

Advanced Server Access attributes are configurable metadata that allow teams to specify various characteristics of users and groups. Attributes allow teams to customize how Advanced Server Access synchronizes users and groups to enrolled servers. This means teams can systematically manage infrastructure identity using Okta as the single source of truth. Additionally, teams can import existing configurations from systems outside of Okta into Advanced Server Access by using custom attribute mappings.

By default, Advanced Server Access defines specific values at the team level and applies them to all users and groups. Teams can modify these default values from the Advanced Server Access application panel within Okta.

In some cases, teams may need to modify the attributes for specific projects. Teams can set project-level attributes that override the team-level settings for a user or group assigned to the project. The team-level settings are used on any projects that haven't explicitly modified the attributes. Project-level overrides are configured from the Advanced Server Access dashboard.

Default attributes

By default, Advanced Server Access assigns values for the following attributes:

Type Attributes
User Attributes
  • Unix server username
  • Windows server username
  • Unix user ID (UID)
  • Unix primary group identifier (GID)
Users can also specify default values for the following attributes:
  • Home directory
  • Login shell
  • Unix GECOS field
Group Attributes
  • Unix server group name
  • Windows server group name
  • Unix group identifier (GID)

    Advanced Server Access doesn't support assigning the same GID to two or more groups. Only groups with unique GIDs are synchronized with the sftd agent. If a group is assigned a GID and then deleted in Advanced Server Access, that GID becomes unavailable.

Related topics