Okta Basics Curriculum: Enable Secure Access to Linux Servers with Advanced Server Access
Okta’s Advanced Server Access tool provides access management for servers, whether they’re cloud or on-prem. Rather than keeping track of various passwords and logins for individual servers, Advanced Server Access essentially manages the identity piece and provides an alternative to manual logins.
Here’s their simple diagram of how this works:
This is actually an extremely cool feature, assuming it actually works the way they say it does. I’m going to recommend that people go through the Okta training for this piece because they do a better job of explaining it than I can here. Essentially, Okta grants a short-lived certificate, and a client application installed on the user’s workstation initiates a secure session with the target server. The certificates expire in minutes and self-revoke after use, so there are no concerns about credential theft and much less of an attack surface than normal.
Okta’s docs about Advanced Server Access have more information if you want to dig in further.
The video for this lesson also makes note of some cool command line options that Advanced Server Access offers – once you’re authenticated, you can see which servers you have access to, so you can just choose one without having to re-authenticate or log in directly.
The other obvious benefit of managing server access this way is that it makes things a lot easier to handle if one of your admins leaves the company – no need to reset a hundred passwords – once they’re offboarded in Okta, any potential access goes away.
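To make the short-lived certificate and offboarding points above concrete, here is a small model added for this write-up; it is not Okta's code or API. It assumes a 180-second lifetime and a credential scoped to one host, uses an HMAC as a stand-in for the CA's signature, and every name and value in it is constructed.

```python
import hashlib
import hmac
import json

# All values below are constructed for illustration.
CA_KEY = b"demo-ca-secret"        # stand-in for the CA signing key
ACTIVE_USERS = {"alice", "bob"}   # stand-in for the identity provider's user list
TTL_SECONDS = 180                 # assumed lifetime ("expires in minutes")

def _sign(body: bytes) -> str:
    # HMAC stands in for the CA's asymmetric signature in this model.
    return hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()

def issue(user: str, host: str, now: int) -> dict:
    """Mint a credential for one user and one host (host scoping is an assumption)."""
    if user not in ACTIVE_USERS:
        raise PermissionError(f"{user} is not an active identity")
    body = json.dumps({"sub": user, "host": host, "exp": now + TTL_SECONDS},
                      sort_keys=True).encode()
    return {"body": body, "sig": _sign(body)}

def server_accepts(cred: dict, host: str, now: int) -> bool:
    """Server-side check: signature valid, issued for this host, not expired."""
    if not hmac.compare_digest(cred["sig"], _sign(cred["body"])):
        return False
    claims = json.loads(cred["body"])
    return claims["host"] == host and now < claims["exp"]

def demo() -> dict:
    t0 = 1_700_000_000  # constructed timestamp
    cred = issue("alice", "web-01", t0)
    results = {
        "fresh_login": server_accepts(cred, "web-01", t0 + 30),
        "replayed_after_10_min": server_accepts(cred, "web-01", t0 + 600),
        "replayed_on_other_host": server_accepts(cred, "db-01", t0 + 30),
    }
    forged = dict(cred, body=cred["body"].replace(b"alice", b"admin"))
    results["tampered_subject"] = server_accepts(forged, "web-01", t0 + 30)
    ACTIVE_USERS.discard("alice")  # offboarding in the identity provider
    try:
        issue("alice", "web-01", t0 + 700)
        results["offboarded_can_reissue"] = True
    except PermissionError:
        results["offboarded_can_reissue"] = False
    return results

if __name__ == "__main__":
    print(demo())
```

The copied credential stops working once its lifetime passes, and after offboarding there is nothing on the servers to reset because no new credential can be minted.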