About Okta as IdP
One of the first tasks required after deploying Access Gateway is to configure an Okta org as an identity provider. Once configured, Access Gateway interacts with that Okta org to provide a variety of services, the most common being authentication.
Access Gateway authenticates with an Okta org in one of two ways:
Okta Org initiated flow
In an Okta-initiated flow, the user accesses an Okta tenant, logging in using a browser or handheld device (1). Okta authenticates the user (2) and directs them to their set of assigned applications. When the user selects an app tile representing an application managed by Access Gateway, the Okta org provides credential information, typically in the form of a SAML assertion, to Access Gateway (3), which then directs the request to the client application (4).
Direct to Access Gateway initiated flow
In the Direct to Access Gateway initiated flow, a user accesses an application proxied by Access Gateway directly (1). Access Gateway then asks Okta for authentication (2). The Okta org authenticates the user (3) and returns the appropriate assertion to Access Gateway (4). Access Gateway then forwards the request to the underlying protected application resource (5).
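The two flows above, as an added simulation that is not Okta's or Access Gateway's code: a stand-in Okta org issues assertions, and a stand-in gateway validates them before forwarding. The entity ID, application URL, user store and assertion fields are constructed for the example; the gateway checks audience and expiry on every assertion, and in the direct (gateway-initiated) flow additionally matches the assertion to the request it issued.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

AG_ENTITY_ID = "https://gw.example.com"    # constructed SP entity ID for Access Gateway
DEFAULT_APP = "https://app.example.com/"   # constructed app used by the Okta-initiated flow


@dataclass
class Assertion:
    """Minimal stand-in for a SAML assertion issued by the Okta org."""
    audience: str
    subject: str
    not_on_or_after: float
    in_response_to: Optional[str] = None   # absent when Okta starts the flow


class OktaOrg:
    """Stand-in IdP: authenticates a user and issues an assertion for the gateway."""
    def __init__(self, users: Dict[str, str]):
        self.users = users   # constructed credential store

    def authenticate(self, user, password, request_id=None) -> Optional[Assertion]:
        if self.users.get(user) != password:
            return None
        return Assertion(AG_ENTITY_ID, user, time.time() + 300, request_id)


class AccessGateway:
    """Stand-in SP: issues requests, validates assertions, forwards to the app."""
    def __init__(self):
        self.pending: Dict[str, str] = {}   # request id -> app the user asked for

    def start_direct_flow(self, target_app) -> str:
        rid = secrets.token_hex(16)         # unguessable request id
        self.pending[rid] = target_app
        return rid

    def consume(self, a: Assertion, now=None) -> Optional[str]:
        """Return the app URL to forward to, or None if the assertion is rejected."""
        now = time.time() if now is None else now
        if a.audience != AG_ENTITY_ID or now >= a.not_on_or_after:
            return None                      # wrong recipient or expired
        if a.in_response_to is None:
            return DEFAULT_APP               # Okta-initiated: no request to match
        # Direct flow: the id must be one we issued and not yet used (blocks replay)
        return self.pending.pop(a.in_response_to, None)


def okta_initiated_flow(okta, ag, user, pw):
    a = okta.authenticate(user, pw)                  # steps 1-2
    return ag.consume(a) if a else None             # steps 3-4


def direct_flow(okta, ag, user, pw, target_app):
    rid = ag.start_direct_flow(target_app)           # steps 1-2
    a = okta.authenticate(user, pw, request_id=rid)  # step 3
    return ag.consume(a) if a else None             # steps 4-5
```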