Projects
A project is a collection of resources with a set of configurations, including server tokens, account discovery, password settings, secrets, and SSH. Projects exist within resource groups and each project must belong to a resource group. No matter what you choose to secure with Okta Privileged Access, you must create at least one project. Resource admins or delegated resource admins can create projects within the context of a resource group, and each resource group can contain multiple projects.
Prerequisites
- You must be a member of an Okta Privileged Access resource administrator group or delegated resource administrator group.
- A resource group is already created.
Create a project
- Open the Okta Privileged Access dashboard.
- Click Resource Management.
- Select a resource group.
- Click Create Project.
- In the dialog that appears, enter a project name, and then click Save.
Configure server settings
- Open the Okta Privileged Access dashboard.
- Click Resource Management.
- Select the resource group that contains the project you want to configure.
- If you haven't already, create a project or select an available project.
- Go to the Settings tab.
Action: Project name
Task: Enter a project name.
Action: Enrollment token
Task:
- Click view to see the available enrollment tokens. An enrollment token is used to enroll a server agent into an Okta Privileged Access project. See Server Enrollment.
- To create an enrollment token, click Create Enrollment Token.
Action: Account discovery (optional)
Task: Click the toggle to enable it. Once enabled, local accounts are discovered on all servers.
Action: Password settings (optional)
Task: Passwords are securely stored in an Okta Privileged Access vault. Account discovery must be turned on to configure password settings.
- Type a name to specify the account to which you want to apply these password rules.
- Set the condition for password rotation.
- Set the password complexity.
Action: SSH configuration (optional)
Task: Select a public key signature algorithm for authentication keys. By default, projects use the ssh-ed25519 algorithm, but admins can configure the project to use ssh-rsa to support legacy servers. The ssh-rsa algorithm is considered insecure.
Action: Gateway selector
Task: Specify one or more gateway selectors, where each selector is a key-value pair (for example, environment:staging). See Okta Privileged Access gateways.
Action: Account lifecycle
Task: Click the toggle to enable persistent principal accounts. See Persistent account for details. You must install version 1.74.4 or higher of the Okta Privileged Access client, gateway, and server agent to use this feature.
- Click Save.
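The SSH configuration setting above separates ssh-ed25519 from the legacy ssh-rsa. As an added example (not Okta code and not part of the product), the following Python script audits a list of OpenSSH public-key lines and reports which use ssh-rsa, which use ssh-ed25519, and which are malformed or mislabelled. The function names, host names and key lines are constructed for illustration, and the key material is placeholder bytes.

```python
import base64
import struct

PREFERRED, LEGACY = "ssh-ed25519", "ssh-rsa"  # the two algorithms named above

def blob_algorithm(blob: bytes) -> str:
    """Read the length-prefixed algorithm name that starts every SSH key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix")
    return blob[4:4 + n].decode("ascii")

def classify(line: str) -> str:
    """Return 'preferred', 'legacy', 'other' or 'invalid' for one key line."""
    parts = line.split()
    if len(parts) < 2:
        return "invalid"
    try:
        embedded = blob_algorithm(base64.b64decode(parts[1], validate=True))
    except ValueError:  # bad base64, bad length prefix, or non-ASCII name
        return "invalid"
    if embedded != parts[0]:  # the label disagrees with the key material
        return "invalid"
    return {PREFERRED: "preferred", LEGACY: "legacy"}.get(embedded, "other")

def audit(lines):
    """Map each status to the 1-based numbers of the lines that have it."""
    report = {"preferred": [], "legacy": [], "other": [], "invalid": []}
    for number, line in enumerate(lines, start=1):
        if line.strip() and not line.lstrip().startswith("#"):
            report[classify(line)].append(number)
    return report

def _sample(alg: str, body: bytes, comment: str) -> str:
    """Build a constructed key line (placeholder key material, not a real key)."""
    blob = struct.pack(">I", len(alg)) + alg.encode() + body
    return f"{alg} {base64.b64encode(blob).decode()} {comment}"

RSA_LINE = _sample("ssh-rsa", bytes(8), "legacy-db-01")
SAMPLE = [  # constructed inventory, one key per line
    _sample("ssh-ed25519", struct.pack(">I", 32) + bytes(32), "web-01"),
    RSA_LINE,
    "ssh-ed25519 " + RSA_LINE.split()[1] + " mislabelled-01",
    "# decommissioned hosts below",
    "ssh-ed25519 not-base64!! broken-01",
]
print(audit(SAMPLE))
```

Lines reported as legacy are the ones still tied to ssh-rsa; lines reported as invalid include keys whose declared type does not match the algorithm name embedded in the key blob.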
Configure secrets
See Secrets.
Delete a project
When you delete a project from a resource group, the system has safeguards to ensure that server access isn't compromised. A project can be deleted only if it doesn't contain any servers. In particular, servers that have been turned off for 96 hours or more don't appear in a project because of the liveness checks performed by the Okta Privileged Access server agent. Projects that contain servers that haven't contacted the Okta Privileged Access platform show a warning indicating that these servers need to be re-enrolled after the project is deleted.
- Open the Okta Privileged Access dashboard.
- Click .
- Select the resource group that contains the project you want to delete.
- Click Delete on the project you want to remove.
- Click Remove Project.
Related topics
Okta Privileged Access accounts
Create and manage secrets (End user)