<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
ASA/OPA with Multiple IP Addresses on the Target Host
Aug 29, 2025
Advanced Server Access
Okta Classic Engine
Okta Identity Engine
Overview

When the environment is complex, or IPs are frequently changing/possibly unknown to an Administrator, it might be easier to configure ASA to use the Interface name rather than a specific IP address.

When installing the Agent, use AccessInterface as a Configuration Option in the sftd.yaml file, as opposed to AccessAddress.

Applies To
  • Advanced Server Access (ASA)
  • Okta Privileged Access (OPA)
Cause

When specifying the AccessAddress in the configuration, this specifies the IP address that clients will use when connecting to this host, which might be limiting to an admin if the specific IP address is unknown.

Solution
  • For hosts with multiple interfaces or IP addresses, or when the IP address is unknown, the AccessInterface(ASA) / AccessInterface(OPA)  configuration parameter specifies the interface that clients will use when connecting to this host.
  • When installing the agent, use the AccessInterface configuration parameter to specify which Interface will be used when connecting via ASA.
  • Name the Interface, and ASA will use a string match to what exists on the target Host.

Recommended content

Still looking for help?
Loading
ASA/OPA with Multiple IP Addresses on the Target Host