User management

User management is a feature that is automatically enabled for target servers enrolled with Advanced Server Access.

A primary objective of deploying Advanced Server Access is solving for user provisioning and lifecycle management across heterogenous servers. These processes, which vary by operating system as well as configurations, integrate with Okta via SAML and SCIM to receive certain user properties and replicate them on managed systems. When user accounts already exist on managed systems, the Advanced Server Access agent attempts to reconcile these user accounts according to the provided configurations and documented behavior to take the user accounts which previously existed on the system under management by Advanced Server Access.

The Advanced Server Access agent does not just create or delete user accounts when it is installed or when changes are made to either a user directory or to an RBAC permission governing who can be given access to a system. Correct user account management is a core security outcome, so the Advanced Server Access agent monitors the state of the managed system’s configurations by periodically polling with local read operations (such as `getent`). These periodic read operations against the system are low-impact on system resources such as memory or CPU, and are integral to Advanced Server Access's ability to provide the security and resilience outcomes it is designed to achieve.