A project in Advanced Server Access is an authorization scopeA scope is an indication by the client that it wants to access some resource., similar to a domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). in Active DirectoryActive Directory (AD) is a directory service that Microsoft developed for the Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management., or a realm in KerberosKerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner..

A project associates a collection of resources with a set of configurations, including Role-Based Access Control (RBAC) and access policies.

Projects can be used to manage access to Windows servers, Linux servers, or web applications. You can think of a project as a programmable Certificate Authority for clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. certificates, including OpenSSH CA certificates and X.509 certificates, as well as signed objects such as JWTs.

No matter what you choose to secure with Advanced Server Access, you'll need to create at least one project.

Create a project

To create a project, click Projects and then click Create Project.

Enter an name to identify the project. It may contain letters, numbers, and dashes (-), underscores (_), or periods (.).

The Manage Server Users option is selected by default. This lets the Advanced Server Access agentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. create and manage local user accounts on your servers. The agent will create an account on each server in the project for every user in the groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. that belong to the project. You can view a list of these accounts in a project by selecting the Users tab.

Clear the Manage Server Users check box if you don't want the agent to manage server accounts. See User Management.

Add a group to a project

By default, no one is granted permissions to the resources of a project. To grant a group permission to access a project, you must add the group to the project.

To add a group to a project, click Projects and select the project to add a group to. Select the Groups tab, then click Add Group to Project. By default, group members are granted user-level permissions. To grant administrative permissions to servers in the project, select AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. from the account permission options. For Linux servers, this means granting sudo privileges to members of the group. For Windows servers, this means granting Administrator privileges.

See Groups.