Add a no-auth app to Access Gateway
The purpose of this tutorial is to walk through the process of setting up a no-auth application through the Access Gateway Admin UI console
- Access Gateway is installed and configured for use.
See Manage Access Gateway deployment.
- Access Gateway has been configured to use your Okta tenant as IDP.
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an IDP.
- You have administrator rights on your Okta tenant and can assign applications to users and create groups.
- Sign in to the Access Gateway Admin UI console.
Click the Applications tab.
Click +Add to add a new application.
Select the No-auth application type from the list available in the left section of the page and click Create.
The New Protected Application wizard will start and display the Setting tab for the application being added.
- The Settings page provides options to configure the
application. Review the options and make the appropriate changes.
SeeAbout application settingsfor more information on the application settings options.
- Enter the following values in their respective fields, and click
Field Value Public Domain noauth.okta.com Protected Web Resource https://header.service.gateway Post Login URL https://noauth.okta.com Groups Select the IDP group that can access this application.
- Expand the Certificates tab.
By default a wildcard self signed certificate is created and assigned to the application when the application is initially created.
- Optional. Click Generate self-signed certificate
A self-signed certificate is created and automatically assigned to the application.
- Optional. Select an existing certificate from the list of provided certificates.
Use the Search field to narrow the set of certificates by common name.
Use the page forward (>)and backward(<) arrows to navigate through the list of available certificates.
- Click Next. The Attributes pane appears.
The Attributes page provides a list of attributes that are passed into the application. This page also provides the ability to add, edit, or remove any attribute.
See Application attributes for more information on the attribute optionsApplication attributes
Add any required attributes, and click Next. The Policies pane appears.
- The Policies pane provides a list of protection policies (if any
exist) for the application.
Leave all policies unchanged and click Done.
See Managing application policy for more information on application policies.
While optional, Okta recommends that all applications include certificates.
See About Access Gateway certificates for general information about certificate.
See Certificate management tasks for a general task flow for obtaining and assigning certificates.
Make sure that the public domain defined in Essentials section is added to the local hosts file pointing to the machine that hosts Access Gateway. For example, the application in this example has been created using the public domain:
header.service.gateway. In order to access this, you must add
xxx.xxx.xxx.xxx noauth.okta.comto the local hosts file where
xxx.xxx.xxx.xxxis the IP address of the machine that hosts Access Gateway.
When testing, note that the address bar changes the Header Local URL to the Public Domain URL (in this example, https://noauth-okta.com).
The following steps assign the application to a test account and then execute the application to verify basic functionality.
Assign the application
Sign in to your Okta tenant as an administrator.
In the Admin Console, go to Applications > Applications.
Click the name of the newly added header application.
Select the Assignments tab.
Select .Assign > Assign To People.
Select an appropriate user and click Assign.
Testing is typically initially done using the same user who is associated with administering Access Gateway.
Execute the application
Return to the Access Gateway Admin UI console.
On the row representing the newly added no-auth app, select Goto application > SP Initiated.
- Verify the Results page displays all expected attribute values.
- Close the Results page.
On the Results page, review and verify that No-auth App sent the expected profile information.
If the application is configured properly, you will be able to access this Protected Web Resource using the Public Domain address configured in the Access Gateway app.
- See Access Gateway supported application and version information for details of supported application and version information.
- See Add a generic header application.
- See Add a sample policy application.
- See Troubleshoot applications.
- Add or review application essential settings. See About application essentials and Manage application essentials.
- Add application behaviors. See About application behaviors.
- Add fine grained policy to further protect resources. See About application policy and Manage access control application policy for an overview on user policy and for examples respectively.
- Extend existing policy using custom configuration. See Advanced Access Gateway policy.