Create a project
To create a project:
- Click Projects.
- Click Create Project.
- Enter a name to identify the project. It may contain letters, numbers, dashes (-), underscores (_), or periods (.).
- Select the Require Preauthorization check box if you want Advanced Server Access to only issue credentials to preauthorized users.
- Choose whether to provision users when a server is enrolled in the project, or to provision users on demand.
To use the default method of provisioning users when a server is enrolled in the project, select Disabled from the On Demand User TTL (Time to Live) drop-down box.
To provision users on an on-demand basis, select a time value from the On Demand User TTL drop-down box (for example, 14 days). When a TTL value is set for the project, an account for a user is provisioned when the user signs in to the server. After the TTL period has passed, or when the user signs out, the account is removed from the server.
Note: To use on demand users, your servers must be configured to allow the Advanced Server Access agent to be accessible from port 4421 of the previous network hop. For example, if your client uses a bastion to connect to the server, then the Advanced Server Access agent must be accessible from port 4421 of the bastion. In the case where the client connects directly to the server, then the Advanced Server Access agent must be accessible from port 4421 of the client.
- Set the initial Unix UID and GID values that Advanced Server Access will use to assign Unix user IDs and group IDs, respectively. You can also explicitly assign UID and GID values to a user. See User and group attributes.
- The Manage Server Users option is selected by default. This lets the Advanced Server Access agent create and manage local user accounts on your servers. The agent will create an account on each server in the project for every user in the groups that belong to the project. You can view a list of these accounts in a project by selecting the Users tab.
Clear the Manage Server Users check box if you don't want the agent to manage server accounts.
- Click Submit to create the project.