Similar to assignments in Okta, Advanced Server Access uses groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. to explicitly assign users with associated permissions to projects, giving them access to required resources.
Advanced Server Access can sync your users and groups from the Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API., which provides easier management of people, membership, and roles. See User Management and Configure SCIM on Okta.
Two groups are automatically created for each team: everyone and owners.
The everyone group includes every user that belongs to your Advanced Server Access team.
The owners group initially includes only the user who created the Advanced Server Access team.
Create a group
To create a group, click Groups and then click Create Group. Enter a name for the group and select the team roles to assign to the group. Click Create Group to finish creating the group.
Assign a group to a project
To assign a group to a project:
- Click Projects, then select the project to add a group to.
- Switch to the Groups tab, then click Add Group to Project.
- Enter the name of the group to add to the project.
- By default, group members are granted user-level permissions. To grant administrative permissions to servers in the project, select AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. from the account permission options. For Linux servers, this means granting sudo privileges to members of the group. For Windows servers, this means granting Administrator privileges.