Add a no-auth app to Access Gateway

The purpose of this tutorial is to walk through the process of setting up a no-auth application through the Access Gateway AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console.

Prerequisites

  • Admin login for Access Gateway Admin Console

Create the No-auth Application in Access Gateway

  1. In a web browser, log in to the Access Gateway Admin console using your login credentials.
  2. Click the Applications tab > Add.

  3. Select the No-auth application type from the list available in the left section of the page, and click Create.

Configure the No-auth Application Settings

  1. The Settings page provides options with which to configure the application. Review the options and make the appropriate changes. For more information on the application settings options, see Application Settings.

  2. Enter the following values in their respective fields, and click Next.

    Field Value
    Public DomainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). noauth.okta.com
    Protected Web Resource https://header.service.spgw
    Post Login URL https://noauth.okta.com
    GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. Select IDPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta. group that you want to allow access to this appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in.

Configure the No-auth Application Attributes

The Attributes page provides a list of attributes that will be passed into the application. This page also provides the ability to add, edit, or remove any attribute. Review the default list of attributes, and click Next.

Configure the No-auth Application Policies

The Policies page provides a list of protection policies (if any exist) for the application. You can create policies to protect resource URLs, create rules using regular expression, and create custom rules.

  1. Click Done to finish the app installation.

  2. Confirm that your application is displayed and Active.

 

Note

  • Make sure that the public domain defined in step 1 of the Configure the No-auth Application Settings section is added to the local hosts file pointing to the machine that hosts Access Gateway. For example, the application in this example has been created using the public domain: header.service.spgw. In order to access this, you must add xxx.xxx.xxx.xxx noauth.okta.com to the local hosts file where xxx.xxx.xxx.xxx is the IP address of the machine that hosts Access Gateway.

  • When testing, note that the address bar changes the Header Local URL to the Public Domain URL (in this example, https://noauth-okta.com).

Test the No-auth Application

  1. In the Application tab, click the Goto App icon.

  2. Select SPAn acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process. Initiated from the dropdown menu to launch the application.

  3. On the Results page, review and verify that No-auth App sent your matching profile information.

 

Note

If the application is configured properly, you will be able to access this Protect Web Resource via the Public Domain address configured in the Access Gateway App.

Top