About Access Gateway

Okta Access Gateway is a reverse proxy based virtual application, designed to secure web applications that don't natively support SAML or OIDC. Access Gateway integrates with legacy applications using HTTP headers and Kerberos tokens, and offers URL-based authorization and more. You can use Access Gateway to seamlessly integrate your legacy web based applications with Okta’s Cloud Single Sign-On (SSO) and Adaptive Multi-Factor Authentication (MFA) services. And because Access Gateway is deployed behind the firewall, it lets external users access on-premises web-based applications without the need for traditional VPNs.

Access Gateway is an ideal solution for any Okta customer where:

  • Your enterprise wants to unify all Identity and Access Management under an Okta platform, but requires integration with web applications that don't support federations, such as SAML and WS-Fed.

  • Your vendors, customers, or partners must access your internal business web applications, such as SharePoint, Oracle E-Business Suite, and others, from the internet.

  • You must restrict unauthorized network access to your web applications.

  • Your enterprise has web applications that lack a native authentication mechanism.

  • Your company is looking for a cost-effective replacement for your on-premises Web Access Management (WAM) solution.

Access Gateway is easy to install whether you are installing in to your own virtualization platform or in to a cloud-based computing platform, such as AWS, Azure, Oracle Cloud Infrastructure, or others. Access Gateway is a high-performance appliance that is installed within your hosting solution of choice and leverages your DNS and networking to provide services.



Access Gateway focuses on Web (HTTP/HTTPS) based applications and doesn't support other protocols.

An Access Gateway deployment is typically composed of :

  • Okta tenant or Okta org (1):
    All implementations at Okta start with an Okta tenant. Your Okta tenant represents your real world application including users and applications and multifactor authentication. Users access their org and are presented with a list of administered application tiles, which can be used to access their applications. Your Okta tenant manages users, groups, profile information and other details. Your Okta tenant can be your Universal Directory or it can be linked to another universal directory. It can be a combination of the two as well.
  • Virtualization environment (2):
    Access Gateway is a virtual appliance and must be hosted in an appropriate virtualization environment. You can host Access Gateway directly on any computer that supports Oracle Virtual Box v5.0 or later. You can also install it in other supported environments. See Okta Access Gateway Supported Technologies.
  • Virtual appliance (3):
    Access Gateway is a 100% self contained virtual appliance. You can download Access Gateway from Okta org > Settings > Downloads and deploy it in a supported environment. After deployment, you can manage it using command line and GUI based tools. In high availability scenarios, you can deploy Access Gateway as many times as needed to meet reliability and throughput requirements.
  • Protected applications (4):
    Access Gateway protects application resources. These resources may be applications based on header, SAML, custom Web, Kerberos, or other web applications.
  • Policy:
    Access Gateway can protect applications using fine grained application policy. You can define user groups and protect individual parts of applications by configuring relevant policy statements.
Access Gateway Component overview