Create a server enrollment token

An enrollment token is a Base64-encoded object that includes metadata used to enroll the device into an Okta Privileged Access project.

  1. Open the Okta Privileged Access dashboard.
  2. Go to Resource Administration > Resource Management.
  3. Select a resource group and then select the project you want to use.

  4. Select the Settings tab.
  5. In the Enrollment tokens section, click view. A list of available enrollment tokens appears.

  6. Click Create Enrollment Token.

  7. Enter a description for the token.
  8. Click Save to create the token.
  9. Copy the token to the enrollment token path on the server. You can either use your configuration management system (for example, Puppet, Chef, Ansible) or write it to a file.
    • On Linux, the enrollment token path is /var/lib/sftd/enrollment.token
    • On Windows, the enrollment token path is C:\windows\system32\config\systemprofile\AppData\Local\scaleft\enrollment.token
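Step 9 on a Linux server, as an added example (not Okta's own code): the function below checks that the copied token decodes as Base64, then writes it to the enrollment token path atomically. The function name install_enrollment_token, the owner-only 0600 file mode, and the use of the standard Base64 alphabet are assumptions of this example, not requirements stated on this page.

```shell
#!/bin/sh
# Added example: install an enrollment token on a Linux server.
# Usage (as root): install_enrollment_token /path/to/copied-token
# The destination defaults to the Linux path given in step 9.

install_enrollment_token() {
    src=$1
    dest=${2:-/var/lib/sftd/enrollment.token}

    [ -r "$src" ] || { echo "cannot read token source: $src" >&2; return 1; }

    # Copy and paste often adds spaces or line breaks; strip them.
    token=$(tr -d ' \t\r\n' < "$src")
    [ -n "$token" ] || { echo "token source is empty" >&2; return 2; }

    # The token is a Base64-encoded object, so a truncated or mangled
    # copy is caught here (assumption: standard Base64 alphabet).
    if ! printf '%s' "$token" | base64 -d >/dev/null 2>&1; then
        echo "token does not decode as Base64" >&2
        return 3
    fi

    dir=$(dirname "$dest")
    (
        # Assumption: restrict the token to its owner (mode 0600).
        umask 077
        mkdir -p "$dir" || exit 4
        tmp=$(mktemp "$dir/.enrollment.token.XXXXXX") || exit 4
        # Write to a temporary file, then rename, so a partially
        # written token never sits at the final path.
        printf '%s' "$token" > "$tmp" &&
            chmod 600 "$tmp" &&
            mv -f "$tmp" "$dest" || { rm -f "$tmp"; exit 4; }
    ) || { echo "could not write $dest" >&2; return 4; }
}
```
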

You can check the enrollment by running the sft list-servers command on the client. This command outputs a list of all enrolled servers. If the server was successfully enrolled, it appears on the list. If you enroll the same server twice, the sft list-servers command displays two instances of that server with different UUIDs and IP addresses. Use sft rdp <id> with the ID of the instance you want to connect to.

Next steps

Optional. Verify server enrollment

Configure and use the server agent