Projects

A project is a collection of resources with a set of configurations, including server tokens, account discovery, password settings, secrets, and SSH. Projects exist within resource groups and each project must belong to a resource group. No matter what you choose to secure with Okta Privileged Access, you must create at least one project. Resource admins or delegated resource admins can create projects within the context of a resource group, and each resource group can contain multiple projects.

Prerequisites

  • You must be a member of an Okta Privileged Access resource administrator group or delegated resource administrator group.

  • A resource group is already created.

Create a project

  1. Open the Okta Privileged Access dashboard.
  2. Click Resource Management.
  3. Select a resource group.
  4. Click Create Project.
  5. In the dialog that appears, enter a project name, and then click Save.

Configure server settings

  1. Open the Okta Privileged Access dashboard.
  2. Click Resource Management.
  3. Select the resource group that contains the project you want to configure.
  4. If you haven't already, create a project or select an available project.
  5. Go to the Settings tab.
    Action: Project name
    Task: Enter a project name.

    Action: Enrollment token
    Task:
    1. Click view to see the available enrollment tokens. An enrollment token is used to enroll a server agent into an Okta Privileged Access project. See Server Enrollment.
    2. To create an enrollment token, click Create Enrollment Token.

    Action: Account discovery (optional)
    Task: Click the toggle to enable it. Once enabled, local accounts are discovered on all servers.

    Action: Password settings (optional)
    Task: Passwords are securely stored in an Okta Privileged Access vault. Account discovery must be turned on to configure password settings.
    1. Type a name to specify which account you want to apply these password rules to.
    2. Set the condition for password rotation.
    3. Set the password complexity.

    Action: SSH configuration (optional)
    Task: Select a public key signature algorithm for authentication keys. By default, projects use the ssh-ed25519 algorithm, but admins can configure the project to use ssh-rsa to support legacy servers. The ssh-rsa algorithm is considered insecure.

    Action: Gateway selector
    Task: Specify one or more gateway selectors, where each selector is a key-value pair (for example, environment:staging). See Okta Privileged Access gateways.

    Action: Account lifecycle
    Task: Click the toggle to enable persistent principal accounts. See Persistent account for details. You must install version 1.74.4 or higher of the Okta Privileged Access client, gateway, and server agent to use this feature.

  6. Click Save.
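
Before switching a project's SSH configuration from the default ssh-ed25519 to ssh-rsa, it helps to know which servers actually reject ssh-ed25519. The following is an added example, not Okta code: it assumes the servers run OpenSSH and that you have collected `sshd -T` output from each one; the function names, host names, and sample outputs are constructed for illustration.

```python
# Added example: classify servers by the public key algorithms sshd accepts.
# Host names and `sshd -T` excerpts below are constructed sample data.

# `sshd -T` prints lowercase keywords; the option was renamed in OpenSSH 8.5.
ACCEPT_KEYWORDS = ("pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes")


def accepted_algorithms(sshd_t_output):
    """Return the set of accepted public key algorithms, or an empty set."""
    for line in sshd_t_output.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in ACCEPT_KEYWORDS:
            return {a.strip() for a in parts[1].split(",") if a.strip()}
    return set()


def accepts(algs, name):
    """True if the plain or certificate form of `name` is in the set."""
    return any(a == name or a.startswith(name + "-cert-") for a in algs)


def classify(sshd_t_output):
    """Return (status, ssh_rsa_accepted) for one server's `sshd -T` text."""
    algs = accepted_algorithms(sshd_t_output)
    if not algs:
        return ("unknown", False)          # setting not present in the dump
    rsa = accepts(algs, "ssh-rsa")         # rsa-sha2-* does not count here
    if accepts(algs, "ssh-ed25519"):
        return ("default-ok", rsa)         # project default works as is
    if rsa:
        return ("needs-ssh-rsa", True)     # only the legacy setting works
    return ("neither", False)


SAMPLES = {
    "web-01": "port 22\npubkeyacceptedalgorithms "
              "ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512\n",
    "legacy-01": "port 22\npubkeyacceptedkeytypes "
                 "ssh-rsa-cert-v01@openssh.com,ssh-rsa,ssh-dss\n",
    "db-01": "pubkeyacceptedalgorithms ssh-ed25519,ssh-rsa\n",
}


def audit(samples):
    """Map each host to its classification."""
    return {host: classify(out) for host, out in samples.items()}


if __name__ == "__main__":
    for host, (status, rsa) in audit(SAMPLES).items():
        print(f"{host}: {status} (ssh-rsa accepted: {rsa})")
```

Servers reported as `default-ok` with ssh-rsa still accepted are candidates for tightening the sshd configuration; only `needs-ssh-rsa` servers justify a project that uses the legacy algorithm.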

Configure secrets

See Secrets.

Delete a project

When you delete a project from a resource group, the system has safeguards to ensure that server access isn't compromised. If you want to delete a project, it must not contain any servers. In particular, servers that have been turned off for 96 hours or more don't appear in a project due to the liveliness checks performed by the Okta Privileged Access server agent. Projects that contain servers that haven't contacted the Okta Privileged Access platform show a warning indicating that these servers need to be re-enrolled after the project is deleted.

  1. Open the Okta Privileged Access dashboard.

  2. Click Resource Management.

  3. Select the resource group that contains the project you want to delete.

  4. Click Delete on the project you want to remove.

  5. Click Remove Project.

Related topics

Groups

User attributes

User management

Okta Privileged Access accounts

Create and manage secrets (End user)