Starting with Resilio Connect v 2.8.0 new Agents that connect to Management Console without providing a valid bootstrap token must be approved (or declined) by the Administrator. All users who have "Full Access" to Agents as per user Roles on the Management Console can also approve or decline.
When the Agent requests approval, it sends its client_token to the Console which is then stored as "approved" or "declined" in the database on Management Console.
WHY IS APPROVAL NEEDED ?
As mentioned above, this mechanism works when Agents connects to Management Console without a valid bootstrap token. Basically, approval for connection will be requested in the following cases:
1) Initial connection of an Agent to Management Console. After clean installing of Agent and connecting it to the Management Console without agent config, or with invalid bootstrap token in Agent config.
2) Complete reinstallation of an Agent with its storage folder being cleared. It's basically the same as clean installation of Agent when Agent creates new setting files and sends newly created client_token to the Management Console.
This also means that if for some reason an Agent was not able to properly save settings, a new client_token will be generated and an Agent will request approval from the Management Console.
3) Admin deletes Agent from the Management Console. When it's done, current Agent's client_token is erased from the Management Console's database, and the Agent is being deleted from the Management Console as described in the linked article.
4) Agent attempts to connect to a different Console and then switch back to the first one. When an Agent tries connecting to a new Management Console address, it clears the token it sent to the previous Management Console.
Example: Agent is connected and approved on Management Console1; then the Agent switches connection to a Management Console2, either through the Agent UI or config file, and switches back to Management Console1, Approval will be required again from Management Console1.
HOW APPROVAL WORKS?
Approving an Agent is writing its client_token as 'approved' to Management Console's database. Until then, the Agent won't appear in list of Agents on the Management Console , it will be in is the list of "pending approvals" and will show relevant Status in its UI.
If an Agent has gone offline by the time the Administrator gets to approve it, the Agent will connect to the Management Console after coming back online.
WHAT IF ADMIN DECLINES A CONNECTION?
Agent won't connect to Management Console. The Agent must initiate a new connection to the Management Console in order to send a new request for approval.
On Windows and OS X Agent: in the Agent UI a warning will appear. Enter the Address of the Management Console again and click Connect.
On Linux: Restart the Agent either with "--server" or "--config" parameter depending on initial installation flow.