Create Oracle AccessGate app

  1. Sign in to the Access Gateway Admin UI console.

  2. Click the Applications tab.

  3. Click +Add.

  4. Select the Oracle Access Gate option from the application menu. Click Create.

  5. In the Essentials pane specify the following:

    Field Value
    Label A name for the app.
    Public Domain A fully qualified hostname in the format yourexternalname.yourdomain.com
    Protected Web Resource The URL of the internal, protected app. For example, accessgate.yourdomain.com:port/path, where
    • port: The port Oracle AccessGate listens on for HTTP requests.
    • path: The path to the application.

    See Configure load balancing.
    Group The group that contains the users who should be able to access the app.

    Post Login URL

    		The Post Login URL. This field is enabled by default and contains the value:

    yourexternalname.yourdomain.com/OA_HTML/AppsLogin.
    Description Optional. A description for your app.
  6. Click Next.
  7. The Application pane provides a list settings particular to Oracle Access Gate.
    Confirm the following fields, modifying values as required, and click Validate.
    FieldValue
    OID DatasourceEnabled. See Administer data stores
    OID HostThe fully qualified hostname of the OID Host.

    The default value is: ebs-iam.internalhost.com

    OID PortThe port used to connect to the OID host. The default is port 3060.
    Bind UserThe user used for OID access.

    The default value is: cn=oracleuser.

    Bind User PasswordThe Bind User password.
    BaseUser search base.

    The default is: cn=Users,dc=domain,dc=com

    User Search Attribute

    		The attribute to search OID with.

    The default attribute is:CN.

    Matching Attribute

    		The Okta attribute used for matching.

    The default attribute to use is: USER_NAME

    General examples:

    • ${ATTRIBUTE@idp]} - single IDP

    • ${ATTRIBUTE@idp[0]} - multiple IDP

    Where ATTRIBUTE is an Okta tenant attribute, not an Access Gateway attribute. This is similar to matching filter in LDAP DataStores.

  8. Click Next.
  9. The Attributes page lists the attributes passed to the app as header fields. Confirm that the attributes match those required by the Oracle AccessGate app. Click Edit () to modify an attribute. Add or modify attributes as necessary. See Application attributes.
    Datasource

    Value

    		NAME
    idp

    email

    		USER_NAME
    oid

    orclguid

    		USER_ORCLGUID
  10. Click Next.
  11. Click Done.

See Manage application policy for additional information on policies.

Configure load balancing

Only use Access Gateway as the load balancer. See Load balancing.

  1. Expand the Protected Web Resource tab.
  2. Enable Load Balancing By Access Gateway.

    A table of hostnames and weights representing the target load balancing instances appears. This table is initially empty. Click edit to modify an entry in the table, or click delete to delete an entry.

  3. Choose either HTTP or HTTPS as the URL scheme. Each protected web resource that you add inherits this scheme.
  4. Optional. Enable and specify Host Header value.
  5. Complete the following steps to add a host, repeat as required:
    1. Click Add protected web resource.
    2. Enter a fully qualified hostname:port combination (for example, https://backendserver1.atko.com:7001).
    3. Enter a weight from 1 to 100. Enter 0 to specify that a host is disabled.

      Weights represent the percentage of requests that will be routed to this host.

      For example, two hosts of weights 2:1 would result in requests being routed ~66% to the host weighted 2 and ~33% to the host weighted 1.

    4. Click Okay.

  6. Optional. Configure health checks, which use GET operations to confirm that back-end resources are functional.

    New requests aren't routed to resources that have been labeled unhealthy by the health checks.

    1. Enable Load Balancer Health Check.
    2. Click Edit to modify health check settings.
    3. Modify settings as required.
      FieldValue

      Default

      PathURI to resource used in health check./
      MethodHTTP method used.Always GET
      Status codeHTTP status code used to determine health.200
      IntervalInterval between health checks in seconds.10
      Request timeoutHealth check request timeout in seconds.1
      Healthy thresholdNumber of successful requests before a host is considered healthy.3
      Unhealthy thresholdNumber of failed requests before a host is considered unhealthy.3
    4. Click Save to save changes or click Cancel to exit without saving.

Configure certificates

    While optional, Okta recommends that all applications include certificates.

    See Certificate use for general information about certificate, or Certificate management for a general task flow for obtaining and assigning certificates.

  1. Expand the Certificates tab.

    By default, when you create the application the system generates a self-signed wildcard certificate and assigns it to the app.

  2. Optional. Click Generate self-signed certificate. A self-signed certificate is created and automatically assigned to the application.

  3. Optional. Select an existing certificate from the list of provided certificates.

    Use the Search field to narrow the set of certificates by common name. Use the page forward (>) and backward (<) arrows to navigate through the list of available certificates.

  4. Click Next. The Attributes pane appears. See Application attributes.

    The required attributes are pre-populated, and are presented for reference.

  5. Verify the login attribute:

    Data Source Field Type Name
    IDP

    login

    The attribute in your Okta tenant that stores the PeopleSoft username. This can be a different attribute or can use Okta username mapping to create the PeopleSoft username dynamically.

    		 Header PUBUSER
  6. Click Done.