Application integration overview
One of the most common activities performed by administrators is web application integration. Access Gateway applications represent the connection between an external resource, and the internal application protected by Access Gateway.
Access Gateway is built and deployed to sit in front of a secured web application. When Access Gateway receives a request from a user, and depending on application policy, it will let the user access the web app without requiring any authentication. Initially, Access Gateway will redirect the user to Okta for authentication (per tenant specific Okta Authentication Policy). Once authenticated, the Okta tenant will send a SAML assertion to Access Gateway. Additionally, Access Gateways own authorization checks will be performed on the URL before allowing the users request to be sent to the web application.
The Access Gateway Admin UI is used to configure web application definitions. Once an application definition is saved in Access Gateway, an application tile is created in the associated Okta tenant. All settings for the Okta tenant application are created automatically without further Administrator action. Within Access Gateway, the application creation process is first identifies the application to the Gateway. Once created, HTTP headers, Kerberos tokens and other information are defined, including authorization policies. For web applications with their own authentication, the web application must be integrated with Access Gateway to avoid the application from presenting its own login page to the user, possibly resulting in a double authentication. The primary mechanisms Access Gateway uses for web application integration are HTTP Headers and KerberosKerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. tokens.
Access Gateway supports adding various common and proprietary application types, including header based, cookie based, various Kerberos, Oracle and others.
Application definitions are broken up into three main areas:
- Essentials - Common configuration such as front end and protected resource URL as well as other common characteristics
- Advanced - Configuration for session duration, content rewriting, certificates and more
- Behavior - Configuration to customize out of the box behavior such as what to do on error conditions, logout, session expiration and more.
For details adding applications see: Integrate applications with Access Gateway.
For a complete list of all supported application types see: Access Gateway Supported Applications