Add SAML pass-through application
A SAML pass-through application is a combination of applications in an Okta org, an Access Gateway SAML proxy application, and configuration. The architecture, flow, and tasks required to create a SAML pass-through application are described below.
Architecture
The SAML pass-through architecture is composed of:
- Split DNS - Internal and internet-based users access the SAML-aware application using the same DNS name, but the name resolves differently: external (internet-based) users receive the IP address of Access Gateway, and internal users receive the IP address of the SAML-aware application.
- Okta SAML application - An Okta-based application, used behind the scenes and hidden from the user.
- Access Gateway and application - Proxies SAML requests. The application itself is hidden from users because it is not used directly.
- Okta bookmark application - Used by those who access the application from within their Okta org.
For details, see SAML pass through reference architecture.
Before you begin
- Requires a split DNS model, where:
  - The DNS name for the backend server must be the same as the Access Gateway DNS name.
  - The internal (non-internet) DNS must resolve to the actual SAML-aware application server.
  - The external (internet-facing) DNS must resolve to the Access Gateway.
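One way to verify the split DNS requirement above before creating the applications, shown as an added example that is not part of the Okta documentation or product. The host name, resolver names and IP addresses are constructed placeholders, and `dig_lookup` assumes the `dig` utility is installed.

```python
import ipaddress
import subprocess

def dig_lookup(name, resolver):
    """Return the set of A-record addresses that `resolver` gives for `name`."""
    out = subprocess.run(
        ["dig", "+short", f"@{resolver}", name, "A"],
        capture_output=True, text=True, timeout=10, check=True,
    ).stdout
    addrs = set()
    for token in out.split():
        try:
            addrs.add(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # CNAME targets in +short output are not addresses
    return addrs

def check_split_dns(name, internal_resolver, external_resolver,
                    app_ips, gateway_ips, lookup=dig_lookup):
    """Return a list of problems; an empty list means both views are correct."""
    app_ips, gateway_ips = set(app_ips), set(gateway_ips)
    internal = lookup(name, internal_resolver)
    external = lookup(name, external_resolver)
    problems = []
    if not internal:
        problems.append("internal view: no A record")
    elif not internal <= app_ips:
        problems.append(f"internal view: unexpected {sorted(internal - app_ips)}")
    if not external:
        problems.append("external view: no A record")
    elif not external <= gateway_ips:
        problems.append(f"external view: unexpected {sorted(external - gateway_ips)}")
    # The backend address must never be handed to internet clients.
    if external & app_ips:
        problems.append("external view exposes the application server address")
    return problems

if __name__ == "__main__":
    # Constructed answers standing in for the two DNS views (not real data).
    views = {"internal-dns": {"10.0.20.15"}, "external-dns": {"203.0.113.10"}}
    result = check_split_dns(
        "app.example.com", "internal-dns", "external-dns",
        app_ips={"10.0.20.15"}, gateway_ips={"203.0.113.10"},
        lookup=lambda name, resolver: views[resolver],
    )
    print(result or "split DNS OK")
```

Omit the `lookup` argument and pass real resolver addresses to query live DNS with `dig`.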
Typical workflow
Task | Description
---|---
Create a containing group |
Collect required SAML |
Create Okta SAML application |
Create Access Gateway SAML proxy application |
Create Okta bookmark application |
Hide applications |
Test the application |
Related topics
- See Access Gateway supported application and version information for details of supported applications and versions.
- See Add a generic header application.
- See Add a sample policy application.
- See Troubleshoot applications.
- Add or review application essential settings. See About application essentials and Manage application essentials.
- Add application behaviors. See About application behaviors.
- Add fine-grained policy to further protect resources. See About application policy for an overview of user policy and Manage access control application policy for examples.
- Extend existing policy using custom configuration. See Advanced Access Gateway policy.