Okta PolicySync

Bring Zero Trust to your Linux and Windows servers

Make sure people have access to the servers they need to do their jobs—no more, no less.

Okta PolicySync enables Advanced Server Access administrators to apply fine-grained role, attribute, and time-based access controls across dynamic hybrid and multi-cloud infrastructure environments.

Flexible control

Allow users to access some—but not all—servers within a project and across multiple projects.

Apply attribute-based access controls to user groups based on labels, a key-value pair applied at the server level. And assign groups to servers across projects for more customized controls.

Ultimately, this gives you RBAC that maps to your unique org structure.

Simple setup

Assign groups access to servers based on projects or labels. Then easily provision users and groups to downstream servers, along with any applied sudo entitlements.

Leverage your labels

Automatically import metadata tags and labels from your existing IaaS environments, such as AWS and GCP, to align Okta controls with your infrastructure configurations. We know many organizations have already made investments in labeling servers in IaaS clouds, so we’ll help you leverage those investments.

Zero Trust made easy

Better adhere to the principles of least privilege access with less complexity. All access is centered on identity, making it easier to apply fine-grained policies that are enforced in practice.

Time-saving automation

Avoid getting bogged down with clunky, disparate admin systems that aren’t cloud-aware and break at scale. Everything in Okta is fully automated, adapting to the dynamic nature of your cloud infrastructure.

Set it and forget it

Once Okta Advanced Server Access is deployed across your infrastructure, your work is done – identities and policies automatically propagate across your server fleets, synchronized with your Identity Provider and IaaS configurations.

Role-based access controls

Assign Okta groups to be authorized for collections of servers
Fully automate end-to-end lifecycle management of server users and groups
Apply command-level entitlements to groups for Linux

Attribute-based access controls

Further segment access to collections of servers by labels, i.e. “prod-compliance”
Integrate with downstream IaaS providers, like Amazon Web Services (AWS) and Google Cloud Platform (GCP), to import resource tags
Adapt to elastic, autoscaling infrastructure with native IaaS resource synchronization

Time-based access controls

Restrict access to collections of servers for a predetermined time window assigned to specific users
Stitch together event-driven automation to tie authorization to workflows, like ticket systems, chat apps, and more
Lean on automation to decommission limited access without having to track it yourself

What does this look like in practice?

Only members of the DevOps team can access the servers in the CI/CD cluster, and only members of the Data team can access the servers in the Database cluster. You can restrict privileged commands for the Data team, so they can only perform actions related to their job.

Additionally, you can apply group assignments to labels, which you can configure or import from AWS. For example, you may have several servers that handle payment processing and are subject to PCI-DSS guidelines. You can assign these servers fine-grained control, across all projects, based on a label name.

Okta PolicySync is available for any customers using Advanced Server Access.

Advanced Server Access

Server access management as dynamic as your multi-cloud infrastructure.

Learn more

See Advanced Server Access in action

Watch now