Deploy an Ubuntu/Debian Google Cloud Platform server with user data and an attached cloud account


This guide provides the information you need to deploy an Ubuntu/Debian Google Cloud Platform server with systemd using Userdata and a linked Google Platform Cloud Project. Depending on your target server and enrollment type some topics in this guide may not apply to you, such as if your team's project will not be using a linked Google Platform Project, userdata, or if you plan to add a different server type to your project. Modify your steps as needed to fit your team or refer to a different guide on the cloud deployments page.

Creating a cloud server with Userdata means installing the Advanced Server AccessAgent simultaneously while you create a server with a cloud provider. Using userdata to install software on a new cloud server can be done through any cloud provider. Installing the Advanced Server Access AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. on a Cloud Server doesn't have to be done when the cloud server is created, but running the installation as a startup script alongside a server's creation ensures that your Cloud Deployment is as safe and secure as possible.


You need the following permissions you need to deploy an Amazon Web Services Server with Terraform

Google Cloud Platform

Requirement Description
Google Cloud Platform account A Google Cloud Platform account is needed to access the AWS Management console, where you can create a virtual machine for your team.

Advanced Server Access

Requirement Description
Advanced Server Access team This is the top-level object that is representing an organization within Advanced Server Access.
Advanced Server Access project This is the authorization-scope of your team, organizing your users, groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups., and servers.


Creating a Google Cloud Platform project, deploying an Google Cloud Platform Server with Userdata and linking your Cloud Account to Advanced Server Access can be done in the following steps:

  1. Create a Google Cloud Platform project
  2. Enroll your Google Cloud Platform project in Advanced Server Access
  3. Create a virtual machine with user data

Create a Google Cloud Platform project

  1. Navigate to the Google Cloud Platform console and log in to your account
  2. Use the Select a project dropdown at the top of the page to click the New Project button

  3. Create a new name for your project and use the Location field to set its parent organization or folder
  4. Click Create when you are finished creating your project
  5. In your new Project's Dashboard, copy the Project ID number from the Project Info section and store it in a safe location

    Note: To find your project's dashboard, use the Select a project box at the top of the console

Enroll your Google Cloud Platform project in Advanced Server Access

  1. From the Google Cloud Platform console, use the Select a Project dropdown at the top of the page to see a list of your projects
  2. Use the ID column to locate your Project's ID, and save it in a secure location. This is the ID you're going to link your Cloud Account in Advanced Server Access
  3. Navigate to the Advanced Server Access Dashboard and select the Projects header at the top

  4. Click the Server that you want to link a Cloud Account to
  5. Select the Enrollment tab within your Project's console
  6. Click the Add Cloud Account button
  7. Use the Cloud Provider dropdown menu to select the Google Cloud Platform (GCP) option
  8. Paste the Project ID you saved from the Google Cloud Platform in the Account ID field
  9. Click the Submit button to finish linking your Google Cloud Platform project

Create a virtual machine with user data

  1. Use the bar on the left side of the Google Cloud Platform Console to select Compute Engine and then VM instances
  2. If prompted, use the Select a project dropdown menu to choose your newly created project
  3. Click the Create button
  4. Create a name for your new server and set it's Region and Zone using their respective dropdown menus. These options dictate where your server is located
  5. Expand the Management, security, disks, networking, sole tenancy dropdown by clicking it
  6. In the Startup Script text field, copy and paste the following text:

    sudo mkdir -p /var/lib/sftd					
    export DEBIAN_FRONTEND=noninteractive
    echo "Add a basic sftd configuration"
    sudo mkdir -p /etc/sft/
    sftcfg=$(cat <<EOF
    # CanonicalName: Specifies the name clients should use/see when connecting to this host.
    CanonicalName:            "ubuntu-target"
    echo -e "$sftcfg" | sudo tee /etc/sft/sftd.yaml
    echo "Retrieve information about new packages"
    sudo apt-get update
    sudo apt-get install -y curl
    echo "Add the ScaleFT testing apt repo to your /etc/apt/sources.list system config file"
    echo "deb linux main" | sudo tee -a /etc/apt/sources.list
    echo "Trust the repository signing key"
    curl -C - | sudo apt-key add -
    echo "Retrieve information about new packages"
    sudo apt-get update
    echo "Install sftd"
    sudo apt-get install scaleft-server-tools

    Note: This script creates an sftd.yaml file for your server and uses ubuntu-target as its CanonicalName. Modify and generate this information as needed to fit your teams and project environments.

  7. Click the Create button at the bottom of the page