Protected resource without session sequence flow

The protected resource, without session sequence represents the sequence of events which occur when a user attempts to access a protected web resource, in a known application, where no existing Access Gateway session exists.

Sequence flow

Events

Step Description
1 User signs into Okta.
2 Access Gateway checks for session.
3 Access Gateway checks if resource is protected.
4 Access Gateway makes a SAML authentication request to the users browser.
5 Okta request login.
6 User sends credentials and other MFA as required to Okta.
7 Okta returns SAML assertion to browser.
8 Browser forwards request with SAML assertion.
9 Access Gateway creates session for application.
10 Access Gateway evaluates request in the context of any associated policy
11 Access Gateway forwards request with all defined headers to application.
12 Application returns request to Access Gateway.
13 Access Gateway rewrites and returns response to User.

Related topics

Reference architectures

About Access Gateway DNS use

About Access Gateway high availability

About Access Gateway prerequisites