Configure IP addresses for Advanced Server Access server cloud instances

When you deploy a server in Advanced Server Access, you must set the IP address that users should connect to. How you do this depends on the type of server you're deploying.

Configure IP address for on-premise, Google Cloud Platform, or Azure servers

For servers on these platforms, you must either explicitly configure the IP address or select the IP address by heuristic.

Configure IP address for Amazon Web Services servers

There are two ways to set the IP address of an Amazon Web Services server: by specifying values in the Advanced Server Access agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations.'s configuration file, or allowing the agent to discover the address.

To configure the IP address of an AWS server, specify values for AccessAddress and AccessInterface in the agent's sftd.yaml configuration file. Depending on your configuration, you may only need to specify a value for one of the options.

If you don't set the IP address in the agent's configuration file, then the agent collects the Elastic Computer Cloud (EC2) Virtual Private Cloud (VPC) ID and any associated IP addresses and provides that information to the Advanced Server Access platform. This means that Advanced Server Access can use the VPC IP when an SSH/RDP hop to a target server occurs from an SSH bastion.

See also

Top