Identity provider initiated flow
Requests can be initiated to a service provider or using an Okta tenant. This diagram represent an Identify provider initiated flow.
User signs in to Okta.
Okta send user identity SAML assertion to Access Gateway.
Access Gateway adds required application attributes
Protected web resource receives request, and returns response to Access Gateway
Access Gateway performs any required rewrites and returns response.