Guidance for Advanced Server Access connector

The Advanced Server Access connector in Workflows allows you to create custom solutions without the need to customize your ASA deployment.

Capabilities of the Advanced Server Access connector

You can perform CRUD operations on the following:

  • Projects

  • Teams

  • ASA Users and Groups

  • Pre-Authorizations

  • Enrollment Tokens

  • Servers

Additionally, for API operations that are not directly supported by the pre-built cards, you can use the Custom API Action card to invoke arbitrary API calls against the Advanced Server Access API.

Your use of the Advanced Server Access connector and its action cards assumes a basic understanding of Advanced Server Access terminology, components, API, and interface. Developer documentation is an essential resource to use when developing flows to understand the various actions and properties of the cards. For the Advanced Server Access API, see Introduction to the Advanced Server Access API.

Test action cards

Test a flow using action cards from the Advanced Server Access connector.

  1. Create an ASA Connection object associated with your ASA team.

  2. It is recommended that you use a sandbox, test, or non-production ASA team for this connection.

  3. Use the Create Project action card to create a project that will be used to test the connector itself.

  4. In the ASA dashboard, verify that the project was created successfully.

  5. Optionally, use the Create ASA Group action card to create a local ASA group.

  6. Optionally, use the Add User to Group action card to add an ASA user to the new group.

  7. Use the Add Group to Project action card to ad ann ASA group to a project.

  8. Optionally, configure the group to grant group members access to servers in the project.

  9. In ASA dashboard, navigate to Project > Users and verify that the users who are in the group are listed in the project.

  10. Optionally, use the Create Server Enrollment Token for Project action card to create a server enrollment token for the same project.

  11. Install the ASA agent on a server using the same token.

  12. Verify that users in the group that are assigned to the project can access the server.

Known issues and limitations

The following known limitations to the Advanced Server Access connector that may impact your flows.

  • The Advanced Server Access connector does not support all Advanced Server Access API endpoints.

  • Note the difference in behavior in updates to the Advanced Server Access connector and connections in Workflows. ASA administrators are responsible for managing the service user account that is used by the connector to authenticate to ASA.

Related topics

Advanced Server Access connector

About the elements of Okta Workflows

Advanced Server Access API documentation