Passwordless Auth to Servers: hands on with ASA

Emily is a developer advocate at Okta with a background in DevOps and open source technology. She focuses on introducing and demonstrating tools like Okta's ASA, specializing in managing server access and security.

Okta's ASA (Advanced Server Access) tool is designed to manage server access securely by allowing one-time use keys for SSH and RDP access, which integrates with an identity provider for centralized management of authentication and authorization.

Authentication verifies if a user is the same individual as previously identified, often using credentials like passwords or biometrics. Authorization, on the other hand, determines if the authenticated user has permissions to perform specific actions or access certain resources.

Using a centralized identity provider for server access, such as in Okta's ASA, streamlines the authentication process, reduces the need to manage multiple keys, and enhances security by centralizing control over who can access what resources and when.

Setting up Okta's ASA involves creating an Okta account, integrating it with the ASA application, configuring user permissions and groups, and setting up server and client access through ASA's management interface.

The zero trust model in Okta's ASA rechecks a user's authentication and authorization on virtually every attempt to access resources. This frequent verification minimizes the risk of unauthorized access and enhances overall security.

Enrolling a server in Okta's ASA involves generating an enrollment token from the ASA interface, placing this token on the server, and installing the ASA agent which will register the server with the identity provider.

In Okta's ASA, changes to user permissions are dynamically updated, meaning if a user's permissions are revoked or altered, their access to servers and resources is immediately impacted, ensuring security is maintained in real-time.