In ScaleFT, a project is an authorization scope, similar to a Domain in Active Directory, or a Realm in Kerberos.
A project associates a collection of resources with a set of configurations, including RBAC and access policies.
Projects can be used to manage access to Windows servers, Linux servers, or web applications. You can think of a project as a programmable Certificate Authority for client certificates, including OpenSSH CA certificates and X.509 certificates, as well as signed objects such as JWTs.
No matter what you’re going to secure with ScaleFT, you’ll need at least one project. For your initial configuration, you can just create one project, and leave all the settings as defaults for now.
To create a project in the Dashboard, click “Projects” in the top bar, then click “New Project”.
Choose a unique name to identify your project. It may not contain spaces or special characters, other than
The ScaleFT Agent can be configured to create and manage local user accounts on your servers. This option is enabled on new projects by default.
If your project is configured to create server accounts for users, you can view a list of user accounts that the ScaleFT agent will create on servers under the “Permissions” tab of your project.
The alternative user management configurations for ScaleFT entail more coordination between your Identity Provider and your CM system. Please reach out to Support if you would like to deploy ScaleFT without enabling this feature.
To grant permissions on a project to a group, under the Project view, click on the “Permissions” tab, then click “Add Group”. You can then configure Server Account Permissions and other options when adding the group to the project.
During a trial or POC, it’s usual to just grant permissions to the
everyone group while you’re figuring out how you want to configure ScaleFT. You can always add more configurations later.
If your project is configured to manage user accounts on servers, ScaleFT will create an account for each member of a group which has been granted access to the project. You can configure the permissions of these accounts when you add the group to the project.
Choosing “Admin” under Server Account Permissions will cause user accounts created by the agent to have
sudo on Linux, or Administrator privileges on Windows.
Choosing “User” when granting access to a group will grant users in that group the ability to log into the server, but not to have administrative permissions on the server.