Create a server enrollment token
End of sale announcement
Effective May 1, 2026, Okta will no longer sell or renew Advanced Server Access. Existing customers must migrate to Okta Privileged Access within one year of their next scheduled renewal date to maintain service.
Read the FAQ and learn more about Okta Privileged Access.
An enrollment token is a Base64 encoded object that includes metadata used to enroll the device into an Advanced Server Access project.
- Open the project from the Advanced Server Access dashboard.
- Switch to the Enrollment tab, then click Create Enrollment Token.
- Enter a description for the token. Click Submit to create the token.
- Copy the token to the enrollment token path on the server, either by using
your configuration management system (for example, Puppet, Chef, Ansible, and so on), or by writing it to a file.
- On Linux, the enrollment token path is /var/lib/sftd/enrollment.token
- On Windows, the enrollment token path is C:\windows\system32\config\systemprofile\AppData\Local\scaleft\enrollment.token