Add a no-auth app to Access Gateway
Overview
The purpose of this tutorial is to walk through the process of setting up a no-auth application through the Access Gateway AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console.
Prerequisites
- Access Gateway is installed and configured for use.
See Deploy Access Gateway Using an OVA Image - Access Gateway has been configured to use your Okta tenant as iDPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta..
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an idP. - You have administrator rights on your Okta tenant and can assign applications to users, and create groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
Create the No-auth Application in Access Gateway
- Navigate to your Access Gateway InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance. and sign in as admin.
- Click the Applications tab
.
- Click + Add to add a new application.
-
Select the No-auth application type from the list available in the left section of the page, and click Create.
The New Protected Application wizard will start and display the Setting tab for the application being added.
Configure the No-auth Application Settings
- The Settings page provides options with which to configure the
application. Review the options and make the appropriate changes.
For more information on the application settings options, seeApplication Settings - Enter the following values in their respective fields, and click
Next.
Field Value Public DomainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). noauth.okta.com Protected Web Resource https://header.service.gateway Post Login URL https://noauth.okta.com Groups Select IDP group that should be able to access this application. - Review the Essentials page and then click Next.
The Attributes pane appears. -
The Attributes page provides a list of attributes that will be passed into the application.
This page also provides the ability to add, edit, or remove any attribute.
Add any required attributes, and click Next.
For more information on the attribute options, see Application AttributesThe Policies pane appears.
-
The Policies pane provides a list of protection policies (if any exist) for the application.
Leave all policies unchanged and click Done.
For more information on Application policies see Application Policy Overview and Administration User Policy Guide.
Note
-
Make sure that the public domain defined in Essential section is added to the local hosts file pointing to the machine that hosts Access Gateway. For example, the application in this example has been created using the public domain:
header.service.gateway. In order to access this, you must addxxx.xxx.xxx.xxx noauth.okta.comto the local hosts file wherexxx.xxx.xxx.xxxis the IP address of the machine that hosts Access Gateway. -
When testing, note that the address bar changes the Header Local URL to the Public Domain URL (in this example, https://noauth-okta.com).
Test the Application
The following steps assign the application to a test account and then execute the application to verify basic functionality.
Assign the application
-
Login to your Okta tenant as administrator.
-
Select Application > Applications.
-
Click the name of the newly added header application..
-
Select the Assignments tab.
-
Select .Assign > Assign To People.
-
Select an appropriate user and click Assign.
Note
Testing is typically initially done using the same user who is associated with administering Access Gateway
-
Click Done.
Execute the Application
-
Return to the Access Gateway admin console.
-
On the row representing the newly added no-auth appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in., select Goto application > SPAn acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process. Initiated.
- Verify the results page displays all expected attribute values.
- Close the results page.
-
On the Results page, review and verify that No-auth App sent the expected profile information.
Note
If the application is configured properly, you will be able to access this Protected Web Resource via the Public Domain address configured in the Access Gateway App.
Next Steps
- Add or review application settings. For more details see Application Settings.
- Add application behaviors. For details and examples of behaviors see Administer Behaviors.
- Add fine grained policy to further protect resources.
An overview of user policy can be found in Application Policy User Overview.
For details and examples of policy see Administration User Policy Guide. - Extend existing policy using Custom configuration, see Advanced Policy.
- Define one or more certificates for use with this application. See Certificate Management
- Add supplemental database or LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. based data stores. For more information see Administer DataStores