Install the Advanced Server Access agent on SuSE Linux

 

You need to download the Advanced Server Access server tools, import the Advanced Server Access repository signing key, and install the server tools to use the agent.

To download and install the agent:

  1. Download the Advanced Server Access server tools:

    sudo curl -o /tmp/scaleft-server-tools-1.9.2-1.x86_64.rpm https://pkg.scaleft.com/rpm/scaleft-server-tools-1.9.2-1.x86_64.rpm

  2. Import the repository signing key to your local keyring:

    sudo rpm --import https://dist.scaleft.com/pki/scaleft_rpm_key.asc

  3. Install the server tools package, which includes the agent:

    sudo zypper --non-interactive install /tmp/scaleft-server-tools-1.9.2-1.x86_64.rpm

    Note: Alternatively, you can use yast2 install (which has been deprecated) instead of using zypper:

    sudo yast2 -i /tmp/ scal
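
The three steps above, gated on an explicit signature check, as an added example that is not part of Okta's documentation. The URLs and file path are the ones from the steps; `sig_verified` and `install_agent` are hypothetical helper names. The output is parsed because `rpm --checksig` also ends in OK for an unsigned package whose digests match.

```shell
#!/bin/sh
# Added example (not Okta's script): install only if the RPM carries a verified signature.
RPM_URL="https://pkg.scaleft.com/rpm/scaleft-server-tools-1.9.2-1.x86_64.rpm"  # step 1
KEY_URL="https://dist.scaleft.com/pki/scaleft_rpm_key.asc"                     # step 2
RPM_FILE="/tmp/scaleft-server-tools-1.9.2-1.x86_64.rpm"

# sig_verified LINE
# Succeeds only if LINE (one line of `rpm --checksig` output) reports a verified
# signature. Constructed samples of the formats handled:
#   pkg.rpm: digests signatures OK        newer rpm, signed and verified
#   pkg.rpm: digests OK                   newer rpm, unsigned (digests only)
#   pkg.rpm: rsa sha1 (md5) pgp md5 OK    older rpm, signed and verified
#   pkg.rpm: digests SIGNATURES NOT OK    bad signature or key not imported
sig_verified() {
    case "$1" in
        *"NOT OK"*|*"MISSING KEYS"*) return 1 ;;
    esac
    case "$1" in
        *": digests signatures OK") return 0 ;;
        *" OK")
            # Older rpm names each check; lowercase pgp/gpg/rsa/dsa means verified.
            case "$1" in
                *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*) return 0 ;;
            esac ;;
    esac
    return 1   # digest-only results fall through here: the package is unsigned
}

install_agent() {
    # /tmp is writable without root, so curl runs unprivileged here.
    curl --fail --silent --show-error -o "$RPM_FILE" "$RPM_URL" || return 1
    sudo rpm --import "$KEY_URL" || return 1
    result=$(rpm --checksig "$RPM_FILE") || {
        echo "signature check failed: $result" >&2
        return 1
    }
    if ! sig_verified "$result"; then
        echo "refusing to install, no verified signature: $result" >&2
        return 1
    fi
    sudo zypper --non-interactive install "$RPM_FILE"
}

# Runs the install only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--install" ]; then
    install_agent
fi
```

The check is only as trustworthy as the imported key, so compare the key's fingerprint against a value obtained through a separate channel before relying on it.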

Automate agent installation

You can automatically install Advanced Server Access server tools on Linux servers running in AWS and other cloud environments by using a user data script, or by running a PowerShell command, either locally or remotely.

Enroll a server using an enrollment token

Enrollment is the process where the Advanced Server Access agent configures a server to be managed by a specific project.

An enrollment token is a base64-encoded object with metadata that the Advanced Server Access agent can configure itself from.

To create an enrollment token for a project, open the project from the Advanced Server Access dashboard. Switch to the Enrollment tab, then click Create Enrollment Token. Enter a description for the token based on its usage (for example, "First Production Buildout", or "Testing Advanced Server Access"). Click Submit to create the token.

After creating your token, copy it to the enrollment token path on the server either by using your configuration management system (for example, Puppet, Chef, Ansible, and so on), or by writing it to a file.

On Linux, the enrollment token path is /var/lib/sftd/enrollment.token

On Windows, the enrollment token path is C:\windows\system32\config\systemprofile\AppData\Local\scaleft\enrollment.token

Verify that a server is enrolled

You can check if a server is enrolled in a project from the Advanced Server Access dashboard, or by running a command on a client.

To check if a server is enrolled from the Advanced Server Access dashboard, click Projects, select the project to check, then select the Servers tab. If the server was successfully enrolled, it appears in the list.

To check if a server is enrolled from a client, run the command:

 sft list-servers

This command outputs a list of all enrolled servers. If the server was successfully enrolled, it appears in the list.
