Install the Advanced Server Access agent on Red Hat, CentOS, and Fedora

 

You need to add the Advanced Server Access repository and import the repository signing key to install and use the agent.

To install the agent:

  1. Add the Advanced Server Access yum repository:

    curl -C - https://pkg.scaleft.com/scaleft_yum.repo | sudo tee /etc/yum.repos.d/scaleft.repo

  2. Import the repository signing key to your local keyring:

    sudo rpm --import https://dist.scaleft.com/pki/scaleft_rpm_key.asc

  3. Install the server tools package, which includes the agent:

    sudo yum install scaleft-server-tools

The sftd daemon should start automatically. Check the newest sftd log under /var/log/sftd/ to verify that the daemon is running.

Next steps

You can learn how to use the agent and its options. See Deploy an Advanced Server Access server.

Enroll a server using an enrollment token

Enrollment is the process where the Advanced Server Access agent configures a server to be managed by a specific project.

An enrollment token is a base64-encoded object with metadata that the Advanced Server Access agent can configure itself from.

To create an enrollment token for a project, open the project from the Advanced Server Access dashboard. Switch to the Enrollment tab, then click Create Enrollment Token. Enter a description for the token based on its usage (for example, "First Production Buildout", or "Testing Advanced Server Access"). Click Submit to create the token.

After creating your token, copy it to the enrollment token path on the server either by using your configuration management system (for example, Puppet, Chef, Ansible, and so on), or by writing it to a file.

On Linux, the enrollment token path is /var/lib/sftd/enrollment.token

On Windows, the enrollment token path is C:\windows\system32\config\systemprofile\AppData\Local\scaleft\enrollment.token
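One way to do the Linux "writing it to a file" step above, as an added example that is not part of Okta's documentation. Only the default path comes from this page; the function name, the 0600 file mode, and the character check are assumptions of this example.

```shell
#!/bin/sh
# Added example: place an enrollment token at the Linux path named on this page.
# The function name, the 0600 mode and the character check are assumptions.
TOKEN_PATH_DEFAULT=/var/lib/sftd/enrollment.token

install_enrollment_token() {
    token=$1
    dest=${2:-$TOKEN_PATH_DEFAULT}

    # Strip whitespace and newlines picked up when copying from the dashboard.
    token=$(printf '%s' "$token" | tr -d '[:space:]')

    # Sanity check: a base64-encoded object contains only these characters
    # (standard and URL-safe alphabets are both accepted).
    case $token in
        '') echo "empty token" >&2; return 2 ;;
        *[!A-Za-z0-9+/_=-]*) echo "token is not base64 text" >&2; return 2 ;;
    esac

    dir=$(dirname "$dest")
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 3; }

    # Write to a private temp file in the same directory, then rename it, so a
    # partial token is never visible and the file is never world-readable.
    tmp=$(umask 077 && mktemp "$dir/.enrollment.token.XXXXXX") || return 4
    if printf '%s' "$token" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 4
}

# Usage (as root, with the token copied from the dashboard):
#   install_enrollment_token "$TOKEN"
```

Passing the token through a variable or a configuration-management secret keeps it out of shell history; a token typed directly on the command line is recorded there.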

Verify that a server is enrolled

You can check if a server is enrolled in a project from the Advanced Server Access dashboard, or by running a command on a client.

To check if a server is enrolled from the Advanced Server Access dashboard, click Projects, select the project to check, then select the Servers tab. If the server was successfully enrolled, it appears in the list.

To check if a server is enrolled from a client, run the command:

 sft list-servers

This command outputs a list of all enrolled servers. If the server was successfully enrolled, it appears in the list.
