Download and install the Advanced Server Access server tools on Windows

You need to download and install the Advanced Server Access server tools to use the Advanced Server Access agent on Windows.

To download and install the Advanced Server Access server tools:

  1. Download the Advanced Server Access server tools. Click here.
  2. Install the MSI by double-clicking the download or by running the command:

    msiexec.exe /qb /I ScaleFT-Server-Tools-latest.msi

Automate agent installation

Advanced Server Access Server Tools can be automatically installed on Windows servers running in AWS and other cloud environments using a PowerShell user data script, or by a PowerShell command run locally or remotely.

You can find an open-source PowerShell module for managing Advanced Server Access server agent installations for Windows at https://github.com/ScaleFT/scaleft-powershell/.

Enroll a server using an enrollment token

Enrollment is the process where the Advanced Server Access agent configures a server to be managed by a specific project.

An enrollment token is a base64-encoded object containing metadata that the Advanced Server Access agent uses to configure itself.

To create an enrollment token for a project, open the project from the Advanced Server Access dashboard. Switch to the Enrollment tab, then click Create Enrollment Token. Enter a description for the token based on its usage (for example, "First Production Buildout", or "Testing Advanced Server Access"). Click Submit to create the token.

After creating your token, copy it to the enrollment token path on the server either by using your configuration management system (for example, Puppet, Chef, Ansible, and so on), or by writing it to a file.

On Linux, the enrollment token path is /var/lib/sftd/enrollment.token

On Windows, the enrollment token path is C:\windows\system32\config\systemprofile\AppData\Local\scaleft\enrollment.token
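
The Windows steps above (copy the token to the enrollment token path, install the MSI) as an added PowerShell example; it is not Okta's code or part of the scaleft-powershell module. The parameter names `$Token` and `$MsiPath`, writing the token before the install, and restricting the file to SYSTEM and Administrators are assumptions of this example.

```powershell
# Added example, not Okta's or ScaleFT's own script. Run elevated, in 64-bit
# PowerShell (a 32-bit process has C:\windows\system32 redirected to SysWOW64).
# $Token and $MsiPath are hypothetical parameter names chosen for this example.
param(
    [Parameter(Mandatory)] [string] $Token,
    [string] $MsiPath = '.\ScaleFT-Server-Tools-latest.msi'
)
$ErrorActionPreference = 'Stop'

# Enrollment token path on Windows, as given in the text above.
$TokenPath = 'C:\windows\system32\config\systemprofile\AppData\Local\scaleft\enrollment.token'

# Character-set sanity check only: the token is base64, so embedded line breaks,
# quotes or spaces mean it was damaged on the way from the dashboard.
$Token = $Token.Trim()
if ($Token -notmatch '^[A-Za-z0-9+/_=-]+$') {
    throw 'Enrollment token contains non-base64 characters; copy it again.'
}

# Fail early if the installer is missing, and hand msiexec an absolute path.
$MsiPath = (Resolve-Path -Path $MsiPath).Path

New-Item -ItemType Directory -Path (Split-Path -Parent $TokenPath) -Force | Out-Null

# Write ASCII with no BOM and no trailing newline. In Windows PowerShell 5.1,
# Out-File and ">" default to UTF-16, which would change the bytes of the token.
[System.IO.File]::WriteAllText($TokenPath, $Token, [System.Text.Encoding]::ASCII)

# Assumption: the path sits under the LocalSystem profile, so only SYSTEM (the
# agent) and Administrators need to read the token. Drop inherited entries.
$acl = Get-Acl -Path $TokenPath
$acl.SetAccessRuleProtection($true, $false)
foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {   # LocalSystem, BUILTIN\Administrators
    $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $TokenPath -AclObject $acl

# Same msiexec switches as the manual command above; -Wait makes the exit code usable.
$p = Start-Process -FilePath msiexec.exe -ArgumentList '/qb', '/I', "`"$MsiPath`"" -Wait -PassThru
if ($p.ExitCode -notin 0, 3010) {                # 3010 = success, reboot required
    throw "msiexec failed with exit code $($p.ExitCode)"
}
```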

Verify that a server is enrolled

You can check if a server is enrolled in a project from the Advanced Server Access dashboard, or by running a command on a client.

To check if a server is enrolled from the Advanced Server Access dashboard, click Projects, select the project to check, then select the Servers tab. If the server was successfully enrolled, it appears in the list.

To check if a server is enrolled from a client, run the command:

 sft list-servers

This command outputs a list of all enrolled servers. If the server was successfully enrolled, it appears in the list.
