Create Windows Access Gateway service account

Access Gateway requires a set of known Windows credentials, which will be used by the instance to configure the Kerberos service. We refer to this user as the Access Gateway service account.

  1. Return to or sign in to your Windows server.
  2. Start the Active Directory Users and Computers application.
  3. Select the appropriate instance for Access Gateway, in this example idaasgateway.net, and then Users > New User.
  4. Create a new Okta Access Gateway user and click Next.
    For example:
    First name: oag
    Last name: service
    User logon name: oag
  5. Specify an appropriate password.
  6. Ensure that the User cannot change password and Password never expires check boxes are selected, then click Next.
  7. In the final New Object - User dialog box, click Next.
  8. Right-click the new user, open its properties, and note the following values:
    User logon name: oag@idaasgateway.net
    Pre-Windows 2000 prefix: IDAASGATEWAY
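
The same account can be created and checked from PowerShell. This is an added example, not part of the original procedure or of Okta's tooling; it assumes the ActiveDirectory module (RSAT) is installed, that the account goes in the domain's default Users container, and that the full name is "oag service".

```powershell
# Added example: scripted equivalent of steps 2-8 above.
# Assumptions: ActiveDirectory module available, default Users container,
# full name 'oag service' (the first and last name from step 4).
Import-Module ActiveDirectory

$domain = Get-ADDomain                 # domain of the current session
$sam    = 'oag'                        # User logon name from step 4
$upn    = "$sam@$($domain.DNSRoot)"    # in this example: oag@idaasgateway.net

# Refuse to touch an account that already exists.
if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
    throw "Account '$sam' already exists in $($domain.DNSRoot)."
}

# Step 5: prompt for the password so it is never stored in the script
# or in the shell history.
$password = Read-Host -AsSecureString -Prompt "Password for $upn"

# Steps 4-7: create the account with both password options from step 6.
New-ADUser -Name 'oag service' `
    -GivenName 'oag' -Surname 'service' `
    -SamAccountName $sam -UserPrincipalName $upn `
    -Path $domain.UsersContainer `
    -AccountPassword $password -Enabled $true `
    -CannotChangePassword $true -PasswordNeverExpires $true

# Step 8: read the account back and confirm the options were applied.
$user = Get-ADUser -Identity $sam `
    -Properties CannotChangePassword, PasswordNeverExpires
if (-not ($user.CannotChangePassword -and $user.PasswordNeverExpires)) {
    throw "Password options from step 6 are not set on '$sam'."
}

# The two values to note for the next step.
[pscustomobject]@{
    UserLogonName        = $user.UserPrincipalName
    PreWindows2000Prefix = $domain.NetBIOSName
}
```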

Next steps

Create keytab