On demand users

Some environments have a requirement for users that have predetermined expiration dates. Advanced Server Access provides this capability through "on demand users". Advanced Server Access admins can specify the lifespan of users on a project, ensuring that access to resources is terminated for those users after a specified time period. On demand users hold the same level of access and permissions as all other end-users while active.

You can enable or disable on demand users for a project by setting the On Demand User TTL (Time to Live) value for the project, either when you create a project, or by editing an existing project. To edit an existing project, click Projects, then click the gear gear icon beside the project and select Edit.

To use the default method of provisioning users when a server is enrolled to the project, select Disabled from the On Demand User TTL (Time to Live) drop-down box.

To provision users on an on-demand basis, select a time value from the On Demand User TTL drop-down box (for example, 14 days). When a TTL value is set for the project, then an account for a user is provisioned when the user signs in to the server. After the TTL period has passed, or when the user signs out, the account is removed from the server.

Note: To use on demand users, your servers must be configured to allow the Advanced Server Access agent to be accessible from port 4421 of the previous network hop. For example, if your client uses a bastion to connect to the server, then the Advanced Server Access agent must be accessible from port 4421 of the bastion. In the case where the client connects directly to the server, then the Advanced Server Access agent must be accessible from port 4421 of the client.