There is a command line way to use Okta's ASA (Advanced Server Access) but it is clunky and not any better than just using a command line.
In essence you must open a command line, type "sft rdp <computername or connection ID>" and then you are stuck with a command line window AND an RDP window which is not sizeable.
Here is information on this tool: https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/client.htm
This is how it integrates with RoyalTS: https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/royaltsx.htm
It would be nice to be able to integrate this into RDM. It is an option in Royal TS but I much prefer RDM for numerous reasons.
Thank you.
To say can't is to fail before you begin
Hello Bill,
I will need a little more information to understand how we could do the integration. Could you send us a sample of the rjson file? It seems to be a RoyalTSX format in JSON. Just make sure to edit the file and replace any sensitive information.
Regards
David Hervieux
To be honest I'm not a fan of TS Royal and while I tried it, the process didn't work and I can muddle through the process because figuring out TS Royal holds no appeal.
As I understand the process, in TS Royal it is like a smart folder. When opened, a command "sft list-servers" is launched. This process opens a web browser that authenticates that computer (and requires two factor). Once authenticated, the computer is authorized and the web browser can be closed. The command "sft list-servers" will return a list of servers the individual has access to. For a time period you can open another command line and enter the command "sft rdp <computername or GUID>". This will then launch an RDP type window and connect you to the target computer.
It should be noted that there is no place for a username/password in the RDP, it uses the SFT process. (Maybe something like opening an SSH tunnel from the local PC to the target machine and then tunneling the RDP through it and into the target machine).
In RDM I have a script that is basically "sft rdp %hostname%". It launches a command line window; if I am not authenticated, it will prompt for authentication with an IE window. Once authenticated it then opens an undocked RDP window of a set size. (This is controlled through a command "sft config rdp.size 1024x748" or something like that, which stores that in a text file in the profile).
Below is the command List servers with client information removed.
Thank you.
Here is an example of the RDP window. This is active, meaning I have another RDP window as well, so two windows per server I want to connect to, and I may connect to 6-12 servers at a time. Closing this window disconnects the RDP session.
To say can't is to fail before you begin
Sft also seems to maintain a folder in %userprofile%\AppData\local\ScaleFT\ and there are a couple of files there. One is the "sft.conf" file which holds only this:
section "rdp" { screensize = "1280x720" }
There is also a "state.json" file which holds this (minus identifiable info, using <stuff>):
{
"version": "v1",
"teams": [
{
"id": "ae1ab183<stuff>148cd967",
"name": "<company stuff>",
"user": "<username stuff>",
"url": "https://app.scaleft.com/v1",
"token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjA0O <lots and lots of stuff> 3e3gjxwSfKIOBlUFNPY1U3lfVeshS7smRze-qy4Z5vmu2cC61tySHHeo1MoQqL0MAYPczqcJ7YJ19YRgtF-vQTbvJbpB4STQXfA4An09cowOhVJ6ZDwBWngpAsWKOtwr2a03RZlU2Kv-P9tix8JtuvV7Wzx5fxiucv_K2CVQ5A",
"last_used": 1<stuff>26,
"client_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjA0ODYz <several lines of stuff> Qd-WeTOO-KVuPEPIfo82AMikUJZVotPtQ9o9aUP0NlwKW_kXB-mwEgJavbeSgXWrUrMKZWmK0Wk1BSw6-MWk7QfbDd1l3ZEMcRMNXe7DZMd3hTFITXpQgPnxo40FXZxPCtw",
"client_token_expires": "2021-04-08T23:22:42.940<stuff>8Z",
"token_refresh_after": "2021-04-09T13:22:11.551<stuff>Z"
}
],
"default_team": "ae1ab183- <stuff> 0c21148cd967"
}
If this helps understand it a bit more.
To say can't is to fail before you begin
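Added example, not part of the original posts and not Okta's or Devolutions' code: a sanitizer for the state.json layout shown above, which replaces the bearer tokens and identifying fields before the file is shared and reports whether each client token has already expired. The field names come from the post; the timestamp format (RFC 3339 ending in "Z") and all sample values are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Field names come from the state.json in the post above.
REDACT = ("id", "name", "user", "token", "client_token")

def parse_ts(value):
    """Parse an RFC 3339 'Z' timestamp, truncating the fraction to microseconds."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    if not m:
        raise ValueError(f"unexpected timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def sanitize_state(state, now):
    """Return (redacted copy, per-team expiry summary); the input is not modified."""
    out = json.loads(json.dumps(state))  # deep copy of plain JSON data
    summary = []
    for i, team in enumerate(out.get("teams", [])):
        expires = parse_ts(team["client_token_expires"])
        summary.append({"team": i, "client_token_expired": expires <= now})
        for field in REDACT:
            if field in team:
                team[field] = f"<redacted {field}>"
    if "default_team" in out:
        out["default_team"] = "<redacted id>"
    return out, summary

# Constructed sample in the same layout; every value here is made up.
SAMPLE = {
    "version": "v1",
    "teams": [{
        "id": "00000000-0000-0000-0000-000000000000",
        "name": "example-team",
        "user": "example.user",
        "url": "https://app.scaleft.com/v1",
        "token": "header.payload.signature",
        "client_token": "header.payload.signature",
        "client_token_expires": "2021-04-08T23:22:42.940123456Z",
    }],
    "default_team": "00000000-0000-0000-0000-000000000000",
}

if __name__ == "__main__":
    redacted, info = sanitize_state(SAMPLE, datetime.now(timezone.utc))
    print(json.dumps(redacted, indent=2))
    print(info)
```

A token that has not yet expired is still a usable credential, so a copy of the file that was shared unredacted calls for ending that session rather than relying on the expiry time.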