Before you begin
After you install the server agent and enroll the server, the server agent creates local server accounts for all Okta Privileged Access users that are part of the related project. On Windows, these accounts are disabled unless a connection is active.
On Windows, a related access broker process is responsible for proxying Remote Desktop Protocol (RDP) connections. This process uses port 4421 and is required for RDP connections to the server to succeed. For more information, see Configure the Okta Privileged Access server agent.
On Windows, the Okta Privileged Access server agent runs under the LocalSystem account. You can control the server agent with a configuration file, which on Windows you must create manually at C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\sftd.yaml. For details, see Configure the server agent.
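A read-only check of the two prerequisites above, added here as an example that is not part of the Okta documentation: it reports whether sftd.yaml exists at the documented path, which principals other than LocalSystem and Administrators can modify it, and what is listening on port 4421. The function names, the expected-writer list, and the idea that the broker holds a local TCP listener on 4421 are assumptions of this example.

```powershell
# Added example: read-only audit. Run from an elevated 64-bit PowerShell session
# (a 32-bit session silently redirects System32 to SysWOW64).
$ConfigPath = 'C:\Windows\System32\config\systemprofile\AppData\Local\scaleft\sftd.yaml'
$BrokerPort = 4421  # port the page gives for the access broker

function Test-AgentConfigFile {  # hypothetical helper name
    param([string]$Path)
    $result = [pscustomobject]@{ Path = $Path; Exists = $false; UnexpectedWriters = @() }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $result }
    $result.Exists = $true
    # Assumption: only LocalSystem (S-1-5-18) and Administrators (S-1-5-32-544) should write here.
    $expectedSids = 'S-1-5-18', 'S-1-5-32-544'
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $writeMask = [int]$rights -bor 0x50000000  # also GENERIC_WRITE and GENERIC_ALL
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    $result.UnexpectedWriters = @(
        $rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
            ($expectedSids -notcontains $_.IdentityReference.Value)
        } | ForEach-Object { $_.IdentityReference.Value }
    )
    return $result
}

function Get-PortListener {  # hypothetical helper name
    param([int]$Port)
    # Assumption: the broker appears as a TCP listener on this port.
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Process      = $proc.ProcessName
                ProcessPath  = $proc.Path
            }
        }
}

$config = Test-AgentConfigFile -Path $ConfigPath
$config | Format-List
if (-not $config.Exists) { Write-Warning "No configuration file at $ConfigPath" }
if ($config.UnexpectedWriters.Count -gt 0) {
    Write-Warning "Writable by unexpected SIDs: $($config.UnexpectedWriters -join ', ')"
}
$listeners = @(Get-PortListener -Port $BrokerPort)
if ($listeners.Count -eq 0) { Write-Warning "Nothing is listening on TCP $BrokerPort" }
else { $listeners | Format-Table -AutoSize }
```

Because the agent runs as LocalSystem, any additional principal that can modify this file can change how a SYSTEM-level service behaves, so an unexpected writer is worth investigating.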
You can open an RDP connection with the rdp command (sft rdp <server-name>).
When you connect with the Windows RDP client, the title bar may display the loopback IP address (for example, 127.0.0.1).
Information related to the Okta Privileged Access server agent installation is stored within the AppData\Local\ folder.
- State directory:
- Configuration file:
Note: You must manually create the configuration file.
- Log directory:
Note: Log files are rotated after 5MB and only the 10 most recent log files are kept.
- Enrollment token: