To allow access to a server, teams must install the Okta Privileged Access server agent, and enroll the server agent into a specific project. If a team uses the default configuration, the Okta Privileged Access server agent manages user accounts and groups on the server and allows users to open SSH or RDP connections through the Okta Privileged Access client.
If a local server account enrolled in Okta Privileged Access shares the same user ID as a regular user, the server account will be removed when the user disconnects from the server.
Teams can enroll servers using an enrollment token. This method requires teams to generate a token and add it to a token file stored on the server. Automatic enrollment takes precedence over enrollment tokens. To permit token enrollment, teams may need to set the AutoEnroll: false option in the server agent configuration file. See Create a server enrollment token.