Create setup tokens
Enrolling gateways into Okta Privileged Access requires setup tokens. To manage access to a database, your gateway must have a specific configuration.
Prerequisites
- You must be a member of the Okta Privileged Access resource administrator group or a delegated resource administrator.
- Ensure your gateway machine has network connectivity to all database instances that it orchestrates. Lack of connectivity causes integration health to degrade. For example, if you deploy gateways across different network segments or virtual private clouds (VPCs) without creating the proper network rules, you can trigger connectivity errors. For stable performance, ensure that you configure network rules to allow connectivity, or use a dedicated Gateway Setup Token (GST) for each unique network environment.
Create an Okta Privileged Access gateway setup token
Gateway setup tokens are reusable and required to configure a gateway machine. Gateways are lightweight servers deployed in your environment that bridge the Okta control plane and your infrastructure.
You can use these tokens for the following purposes:
- Server access proxy: Broker and record secure SSH and RDP sessions to Linux and Windows servers.
- Infrastructure orchestrator: Discover resources and manage the access lifecycle for databases and other infrastructure.
- On the Okta Privileged Access dashboard, go to .
- Click Add setup token.
- In the dialog that appears, do the following:
  - Enter a token name.
  - Select one of the following: Infrastructure orchestrator or Server access proxy.
  - If you selected Server access proxy, complete the following:
    - Click the Add label field, and then select an existing label or create a label. Labels must be a key-value pair (for example, environment:staging).
    - Press the Tab or Enter key to finalize the label.
    - Optional. Repeat this process to add other labels.
    - Click Create.
    - Copy the token, and then click Done. You need this token when you perform setup using the configuration options. See Configure the Okta Privileged Access gateway.
  - If you selected Infrastructure orchestrator, complete the following:
    - Click the Choose or add orchestration group field, and then select an orchestration group or enter a name to create one.
    - Click Create.
    - Copy the token, and then click Done. Use this token when setting up your new gateway machine. See Configure gateway for database integration.
Edit server proxy labels
You can edit a gateway to add new labels or remove an existing label.
- On the Okta Privileged Access dashboard, go to .
- Click , on the gateway you want to edit.
- Go to Labels and type in a name to select an existing label or to create one.
- To remove a label, select x on the label.
- Click Save.