User management

A primary objective of deploying Advanced Server Access is to solve user provisioning and lifecycle management across heterogeneous servers. These processes integrate with Okta by using SAML and SCIM to receive certain user properties and replicate them on managed systems. When user accounts already exist on a managed system, the Advanced Server Access server agent attempts to reconcile them by taking over the existing accounts so that Advanced Server Access manages them.

The Advanced Server Access server agent does more than create or delete user accounts when it is installed, when a user directory changes, or when an RBAC permission that governs who can be given access to a system changes. Correct user account management is a core security outcome, so the server agent also monitors the state of the managed system's configuration by periodically polling it with local read operations (for example, getent). These periodic reads have a low impact on system resources (for example, memory and CPU) and are integral to Advanced Server Access being able to provide the security and resilience outcomes it's designed to achieve.
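The following is an added example, not Okta's agent code: a minimal sketch of the kind of read-only reconciliation pass described above, comparing `getent passwd` output with a desired account list. The function names, the UID range, and the sample accounts are assumptions constructed for illustration.

```python
import subprocess

# Assumption: human accounts live in UID 1000-59999 (a common Linux default);
# system accounts such as root or nobody fall outside it and are ignored.
HUMAN_UIDS = range(1000, 60000)

def parse_passwd(text):
    """Parse `getent passwd` output into {name: (uid, home, shell)}."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank or malformed entries
        name, _pw, uid, _gid, _gecos, home, shell = fields
        accounts[name] = (int(uid), home, shell)
    return accounts

def find_drift(desired, observed):
    """Compare the desired accounts with what the host reports."""
    return {
        "missing": sorted(n for n in desired if n not in observed),
        "changed": sorted(n for n in desired
                          if n in observed and observed[n] != desired[n]),
        "unexpected": sorted(n for n, (uid, _, _) in observed.items()
                             if uid in HUMAN_UIDS and n not in desired),
    }

def read_local_accounts():
    """One polling pass: a local, read-only lookup through NSS."""
    out = subprocess.run(["getent", "passwd"], capture_output=True,
                         text=True, check=True).stdout
    return parse_passwd(out)

# Constructed sample data (not from a real host or directory).
SAMPLE_GETENT = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/sh
dave:x:1003:1003::/home/dave:/bin/bash
"""
DESIRED = {
    "alice": (1001, "/home/alice", "/bin/bash"),
    "bob": (1002, "/home/bob", "/bin/bash"),
    "carol": (1004, "/home/carol", "/bin/bash"),
}

if __name__ == "__main__":
    print(find_drift(DESIRED, parse_passwd(SAMPLE_GETENT)))
```

On a real host, pass `read_local_accounts()` as the observed state; a non-empty result in any category is the drift a management agent would need to correct or report.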
