Configure Agent Lifecycle Management Hooks for Advanced Server Access

The Advanced Server Access Lifecycle Hooks feature exposes an event bus on your servers that receives notifications when changes are made to the local user and group configuration on your Linux systems. Advanced Server Access Administrators can customize these Lifecycle Hooks with scripts to fit any routine tasks that need to be executed when these membership changes occur. Local scripts are run globally, matching any files under the /usr/lib/sftd/hooks directory. Use the Reference List to see which Operating System objects are affected by each event, and which scripts are run.

Procedure

Use the steps below as an example for an on-host setup.

Note: Before beginning, ensure you have an active Advanced Server Access session open, and that you have Admin authority on your target Linux server.

Section 1: Create a Custom Script

  1. From the command line, SSH into one of your target Linux servers.

  2. Switch to root by running sudo su.

  3. Create a new directory for the hooks script with the following command:

    mkdir -p /usr/lib/sftd/hooks/user-created.d

  4. Using a text editor, create a new file named 01-copyfiles.sh in that directory and copy/paste the following bash script:

    Note: The following text is an example illustrating the basic functionality of Agent Lifecycle Hooks. Modify the text as needed to fit your specific integration.

    #!/bin/bash
    # Runs on the user-created event; the agent exports SFT_HOOK_USERNAME for the new account.
    SOURCE_FILES=/opt/sourcefiles
    # Copy the App? files (App1, App2, App3) into the new user's home directory.
    cp $SOURCE_FILES/App? /home/"${SFT_HOOK_USERNAME}"
    if [ $? -eq 0 ]
    then
        echo "Successfully copied source files into /home/${SFT_HOOK_USERNAME}" >> /tmp/sourcefiles.out
    else
        echo "Error copying source files into /home/${SFT_HOOK_USERNAME}" >> /tmp/sourcefiles.out
    fi

  5. Grant the script execute access:

    chmod 755 01-copyfiles.sh

  6. Run the ls -l command and confirm that permissions have been correctly set. The output should resemble the following:

    -rwxr-xr-x 1 root root 316 Jun 30 14:54 01-copyfiles.sh

Section 2: Create the Source Files

  1. Create a new directory for the source files by running the following commands:

    cd /opt
    mkdir sourcefiles

  2. Next, create the source files with the following commands:

    cd sourcefiles
    touch App1 App2 App3

  3. Run the ls command and confirm that the files App1, App2, and App3 have been created.

Section 3: Create a New Okta User and Assign to an Authorized Group

  1. As an Okta Administrator, navigate to the Admin dashboard of the Okta tenant that manages your Advanced Server Access application.

  2. Navigate to Applications and select Okta Advanced Server Access.

  3. Select Assignments and then Groups. Note the name of the group that has been assigned the application.

  4. In the Okta Admin console, select Directory, People, and then Add Person.

  5. Create a new user with a memorable name.

  6. In the Okta Admin console, navigate to Directory, and then select Groups. From here, select the group that was assigned to Advanced Server Access in Step 3, and add the new user to it.

Section 4: Add the User's Group to Your Project

  1. In the Okta Administrator Console, click My Applications, and then select Okta Advanced Server Access.

  2. Next, from the Advanced Server Access console, click the Groups header on your project's homepage and select the group from Step 6 in Section 3.

  3. Click Projects.

  4. Click Add Group to Project.

  5. In the search bar, select the group that the user you created was added to in Okta, and then click Create Group.

  6. Confirm that the user has been added to the project by clicking Users in the project menu and, if needed, using the search bar to find your user.

Section 5: Validate User Provisioning on your Linux Server

  1. From the Linux command prompt, enter the following commands:

    cd /home

    ls -l

  2. Verify that the home directory for your new user has been created.

  3. Switch to the new user's home directory by running cd <username>.

    You can verify that the files App1, App2, and App3 exist in the user's home directory with the ls command.

This is how you can use Advanced Server Access Agent Lifecycle Hooks to integrate any host-local automation, system, or external user directory with your Users & Groups in Okta.
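The hook above trusts its inputs and writes root-owned files into the new user's home. The following is an added, hardened variant written for this page (not Okta's own script): it validates SFT_HOOK_USERNAME before building a path from it, checks that the home directory exists, hands the copied files to the new account, and reports a distinct exit code for each failure so the /tmp/sourcefiles.out log is actionable. It assumes the same paths as the procedure (/opt/sourcefiles, /home, /tmp/sourcefiles.out), overridable via environment variables for testing.

```sh
#!/bin/sh
# Hardened 01-copyfiles.sh for /usr/lib/sftd/hooks/user-created.d (added example, not Okta's code).
# The agent exports SFT_HOOK_USERNAME; the script is assumed to run as root.
SOURCE_FILES="${SOURCE_FILES:-/opt/sourcefiles}"
HOME_BASE="${HOME_BASE:-/home}"
LOG_FILE="${LOG_FILE:-/tmp/sourcefiles.out}"

# Accept only a conservative Linux username: letters, digits, '_', '-', '.'; reject empty values,
# anything containing '/', a leading '-', and the '.'/'..' path components.
valid_username() {
    case "$1" in
        ''|*/*|-*|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# copy_app_files USER: copy App? (App1, App2, App3) into USER's home.
# Returns 0 on success, 1 for an invalid username, 2 if the home directory is missing, 3 if cp fails.
copy_app_files() {
    user="$1"
    if ! valid_username "$user"; then
        echo "Refusing hook for invalid username '$user'" >> "$LOG_FILE"
        return 1
    fi
    dest="$HOME_BASE/$user"
    if [ ! -d "$dest" ]; then
        echo "Home directory $dest does not exist for $user" >> "$LOG_FILE"
        return 2
    fi
    if ! cp "$SOURCE_FILES"/App? "$dest"/; then
        echo "Error copying source files into $dest" >> "$LOG_FILE"
        return 3
    fi
    # Files copied by root stay root-owned; hand them to the new user when the account resolves.
    if id "$user" >/dev/null 2>&1; then
        chown "$user" "$dest"/App? || echo "Warning: chown failed in $dest" >> "$LOG_FILE"
    fi
    echo "Successfully copied source files into $dest" >> "$LOG_FILE"
    return 0
}

# When invoked by the agent, act on the reported user; otherwise only define the functions.
if [ -n "${SFT_HOOK_USERNAME:-}" ]; then
    copy_app_files "$SFT_HOOK_USERNAME"
fi
```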
