To autodiscover a target, you need to install BastionZero's agent on that target. 

BastionZero can autodiscover targets without requiring you to set up a VPN or configure SSH keys. Upon startup, the agent phones home to a whitelisted address (via a websocket over TLS). The agent then registers the target to BastionZero, without requiring you to set up SSH keys.  There is no need for a VPN because the agent initiates an out-bound connection from the public cloud or data-center. The agent is still locked down because it does not accept incoming connections, and because it only phones home to the whitelisted address.  

The agent identifies itself to BastionZero using an activation code, as shown in the figure.

Setting it up: BastionZero Admins can set up autodiscovery using a script that is available in the BastionZero webapp.

Click the "Create" button (top right) and then Target -> Autodiscovery to grab scripts you can use (as user data or as part of your target provisioning system) to install the BastionZero agent on your targets. You should specify the environment you want the target to land in, the naming scheme, and the OS for the target, and then hit the copy button to get the script.

The script can be run as user data when you start up your target, or incorporated into your instance provisioning system.

 To be discovered, your target will need the ability to connect out to the public Internet (not a public IP, just the ability to connect).