Install the Okta Privileged Access server agent
The Okta Privileged Access server agent (sftd) is a daemon that runs on your servers and integrates with the Okta Privileged Access platform. The server agent configures client certificate authentication for Secure Shell (SSH) and Remote Desktop Protocol (RDP) connections, audits server login events, and manages local user accounts.
To deploy an Okta Privileged Access server, you must install the agent and enroll the server into a project. The system requirements for the server agent are minimal. If a server can run one of the supported operating systems and has available storage for logs, then it can successfully run the server agent. See Supported operating systems.
- On Linux, the server agent runs as root and all data is stored in the /var/lib/sftd directory.
- On Windows, the server agent runs as LocalSystem and all data is stored in the C:\Windows\System32\config\systemprofile\AppData\Local\scaleft directory.
On Linux distributions, the server agent automatically starts after installation completes. This causes the agent to automatically enroll, create local users, and remove the enrollment token file.
You can stop the server agent from automatically starting by creating a disable-autostart file in the state directory (/etc/sftd/disable-autostart). This prevents the server from being inadvertently enrolled in a project and is useful when building OS images using a tool like Packer. After the configuration is complete, you can remove the disable-autostart file.
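The image-build workflow described above can be wrapped in a small guard script. This is an added example, not Okta's own tooling: the function names and the `SFTD_ROOT` prefix are hypothetical, and it assumes that any entry in the data directory means the agent has already started and written state.

```shell
#!/bin/sh
# Added example: guard an OS image build against accidental enrollment.
# SFTD_ROOT is a hypothetical prefix used only so the checks can be exercised
# against a scratch directory; leave it empty on a real build host.
SFTD_ROOT="${SFTD_ROOT:-}"

sftd_marker()   { printf '%s/etc/sftd/disable-autostart' "$SFTD_ROOT"; }
sftd_data_dir() { printf '%s/var/lib/sftd' "$SFTD_ROOT"; }

# Run BEFORE installing the agent package so the agent does not autostart.
sftd_prepare() {
    mkdir -p "$(dirname "$(sftd_marker)")" && : > "$(sftd_marker)"
}

# Run before sealing the image. Returns non-zero if the image may already
# carry enrollment state.
sftd_verify() {
    if [ ! -e "$(sftd_marker)" ]; then
        echo "FAIL: $(sftd_marker) missing; agent may have autostarted" >&2
        return 1
    fi
    # Assumption: any entry in the data directory means the agent has run.
    if [ -d "$(sftd_data_dir)" ] && [ -n "$(ls -A "$(sftd_data_dir)")" ]; then
        echo "FAIL: $(sftd_data_dir) is not empty" >&2
        return 1
    fi
    # Only meaningful on the real host, not on a scratch root.
    if [ -z "$SFTD_ROOT" ] && command -v pgrep >/dev/null 2>&1 \
        && pgrep -x sftd >/dev/null 2>&1; then
        echo "FAIL: sftd is running in the build environment" >&2
        return 1
    fi
    echo "OK: no sign of agent start or enrollment"
}

# Run once configuration is complete, as the page describes.
sftd_finalize() { rm -f "$(sftd_marker)"; }

case "${1:-}" in
    prepare)  sftd_prepare ;;
    verify)   sftd_verify ;;
    finalize) sftd_finalize ;;
esac
```

In a Packer shell provisioner the order would be `prepare`, the package installation and configuration steps, `verify`, then `finalize` as the last step.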
- Install the Okta Privileged Access server agent on Red Hat (RHEL), Amazon Linux, Alma Linux, or CentOS
- Install the Okta Privileged Access server agent on Ubuntu or Debian
- Install the Okta Privileged Access server agent on SUSE Linux
- Install the Okta Privileged Access server agent on FreeBSD
- Install the Okta Privileged Access server agent on Windows