Migrating Existing Users to Zero Trust
Existing users can be migrated to use Zero Trust.
Old authorizations will not work after reverting migration, if the key has been renewed any time after migration.
Authorized keys migrated to PrivX do not carry from-stanza limitations, or any other key options the original authorized keys might have had.
Migrating User to Zero Trust
To migrate a user to Zero Trust:
-
In Key Manager GUI, navigate to the User Keys→Users page.
-
Select the target user and select the Migrate to Zero Trust action.
-
In the opening Zero Trust migration window, specify a PrivX role for the Zero Trust connections. Approve the selected role. Click Migrate.
If the user has more than one private key, they will be listed, alongside the related authorized keys. All the private keys of the selected user will be migrated.
noteIf other users share the same private key, they will be able to access the migrated user's account as well. To prevent users with duplicate keys from accessing the Zero Trust account, we recommend renewing the migrated private keys.
Reverting Zero Trust Migration
It is possible to revert a Zero Trust migration to allow you to create traditional SSH keys for a user.
Note that reverting only affects the private key, not the authorizations related to that private key.
To revert a Zero Trust migration:
-
In Key Manager GUI, navigate to the User Keys→Users page.
-
Select the target Zero Trust enabled user, and select the Revert Zero Trust migration action.