Create a server enrollment token
An enrollment token is a Base64-encoded object that includes metadata used to enroll the device into an Okta Privileged Access project.
- Open the Okta Privileged Access dashboard.
- Go to .
- Select a resource group and then select the project you want to use.
- Select the Settings tab.
- In the Enrollment tokens section, click view. A list of available enrollment tokens appears.
- Click Create Enrollment Token.
- Enter a description for the token.
- Click Save to create the token.
- Copy the token to the enrollment token path on the server. You can either use your configuration management system (for example, Puppet, Chef, Ansible) or write it to a file.
  - On Linux, the enrollment token path is /var/lib/sftd/enrollment.token
  - On Windows, the enrollment token path is C:\windows\system32\config\systemprofile\AppData\Local\scaleft\enrollment.token
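One way to script the last step on Linux, as an added example that is not Okta's own tooling. The function name install_enrollment_token is hypothetical, the check assumes the token is standard padded Base64, and the owner-only file mode (0600) is an assumption rather than a documented requirement.

```shell
#!/bin/sh
# Added example: write an enrollment token to the agent's token path.
# Default path is the Linux path given on this page.
TOKEN_PATH_DEFAULT=/var/lib/sftd/enrollment.token

# install_enrollment_token TOKEN [PATH]   (hypothetical helper)
# Returns 0 on success, 1 if the token is empty or does not decode as
# Base64, 2 if the file could not be written.
install_enrollment_token() {
    token=$1
    path=${2:-$TOKEN_PATH_DEFAULT}
    dir=$(dirname "$path")

    # Reject empty input and anything that is not valid Base64. This
    # catches a truncated copy/paste before the token reaches the server.
    [ -n "$token" ] || return 1
    printf '%s' "$token" | base64 -d >/dev/null 2>&1 || return 1

    # Work in a subshell so the restrictive umask does not leak out.
    (
        umask 077                      # assumption: owner-only access
        mkdir -p "$dir" || exit 2
        # Write to a temp file in the same directory, then rename, so the
        # token path never holds a partially written token.
        tmp=$(mktemp "$dir/.enrollment.token.XXXXXX") || exit 2
        printf '%s' "$token" >"$tmp" || { rm -f "$tmp"; exit 2; }
        chmod 600 "$tmp" || { rm -f "$tmp"; exit 2; }
        mv -f "$tmp" "$path" || { rm -f "$tmp"; exit 2; }
    )
}

# Usage (run as root on the server; the token value comes from the
# dashboard and is not shown here):
#   install_enrollment_token "$ENROLLMENT_TOKEN"
```

Passing the token through an environment variable or a configuration-management secret, rather than typing it on the command line, keeps it out of shell history.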
To check the enrollment, run the sft list-servers command on the client. This command outputs a list of all enrolled servers. If the server was successfully enrolled, it appears on the list. If you enroll the same server twice, the sft list-servers command displays two instances of that server with different UUIDs and IP addresses. Use sft rdp <id> with the ID of the instance that you want to connect to.
Next steps
Optional. Verify server enrollment