Configuring Projects

In ScaleFT, a project is an authorization scope, similar to a Domain in Active Directory, or a Realm in Kerberos.

A project associates a collection of resources with a set of configurations, including RBAC and access policies.

Projects can be used to manage access to Windows servers, Linux servers, or web applications. You can think of a project as a programmable Certificate Authority for client certificates, including OpenSSH CA certificates and X.509 certificates, as well as signed objects such as JWTs.

No matter what you’re going to secure with ScaleFT, you’ll need at least one project. For your initial configuration, you can just create one project, and leave all the settings as defaults for now.

Creating a New Project

To create a project in the Dashboard, click “Projects” in the top bar, then click “New Project”.

Naming a Project

Choose a unique name to identify your project. It may not contain spaces or special characters, other than -, _, or ..

Server User Account Management

The ScaleFT Agent can be configured to create and manage local user accounts on your servers. This option is enabled on new projects by default.

If your project is configured to create server accounts for users, you can view a list of user accounts that the ScaleFT agent will create on servers under the “Permissions” tab of your project.

The alternative user management configurations for ScaleFT entail more coordination between your Identity Provider and your CM system. Please reach out to Support if you would like to deploy ScaleFT without enabling this feature.

Server User Account Management documentation

Granting Permissions

The default permission level is "No Access"
Be sure to grant yourself permissions to access your resources.

To grant permissions on a project to a group, under the Project view, click on the “Permissions” tab, then click “Add Group”. You can then configure Server Account Permissions and other options when adding the group to the project.

During a trial or POC, it’s usual to just grant permissions to the everyone group while you’re figuring out how you want to configure ScaleFT. You can always add more configurations later.

Group documentation

Server Account Permissions

When the User Management feature is enabled, ScaleFT will create an account for each member of a group which has been granted access to the project. You can configure the permissions of these accounts when you add the group to the project.

Choosing “Admin” under Server Account Permissions will cause user accounts created by the agent to have sudo on Linux, or Administrator privileges on Windows.

Choosing “User” when granting access to a group will grant users in that group the ability to log into the server, but not to have administrative permissions on the server.