Add an Oracle Access Gate Application

Before you begin

Ensure that:

• Access Gateway is installed and configured for use.
  See Manage Access Gateway deployment.
• Access Gateway has been configured to use your Okta tenant as IDP.
  See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an IDP.
  
• You have administrator rights on your Okta tenant and can assign applications to users and create groups.
• An external Oracle Access Gate application that requires protection.
• The external app version is supported. Oracle Access Gate supported versions include:
• v10g or later
• Appropriate DNS entries for both the legacy application and the exposed new URL exist.
  
• Appropriate DNS entries for both the protected application and the external URL exist. For example:
  

  Value	Description
  https://access-gate.externalexample.com	External or customer facing application URL.
  https://access-gate.internalexample.com	Internal or protected application URL of Oracle EBS Access Gate.

• Access information for the OID instance is available, including:

  Value	Description
  Name of OID Host	The resolvable name of the machine hosting OID.
  OID Port	OID Port
  Bind Name/password	The binding name and password on the OID host.
  CN cn=Users,dc=domain,dc=com	User search attribute and base.

Steps

1. Create the application in Access Gateway
2. Test the application

Create the application in Access Gateway

1. Sign in to the Access Gateway Admin UI console.

2. Click the Applications tab.

3. Click +Add to add a new application.

4. Select the Oracle Access Gate option from the application menu, and click Create.

   

   The New Protected Application wizard starts and displays the Essentials pane for the application being added.

5. In the Essentials pane specify the following:
   

   Field	Value
   Label	A name for the application.
   Public Domain	A fully qualified host name such as <yourexternalname>.<your domain>. In the example provided, this would be access-gate.externalexample.com.
   Protected Web Resource	The URL of the internal, protected, application. In the example provided, this would be access-gate.internalexample.com:<port>/<path> Where: port - the port Oracle Access Gate is listening on for HTTP requests. path - represents the path to the application.
   Group	Enter the group containing the users who should have access to the application.
   Post Login URL	Enter or modify the Post Login URL. By default this field is enabled and contains value: access-gate.externalexample.com/OA_HTML/AppsLogin.
   Description	Optional. An appropriate description for your application.



Important

While optional, Okta recommends that all applications include certificates.
See About Access Gateway certificates for general information about certificate.
See Certificate management tasks for a general task flow for obtaining and assigning certificates.  

6. Expand the Certificates tab.
   
   

   Note

   By default a wildcard self signed certificate is created and assigned to the application when the application is initially created.

7. Optional. Click Generate self-signed certificate
   
   A self-signed certificate is created and automatically assigned to the application.
8. Optional. Select an existing certificate from the list of provided certificates.
   Use the Search field to narrow the set of certificates by common name.
   Use the page forward (>)and backward(<) arrows to navigate through the list of available certificates.
   
   
9. Click Next. The Attributes pane appears.
10. The Applications page provides a list settings particular to Oracle Access Gate.
    Confirm the following fields and click Validate.
    

    Field	Value
    OID Datasource	Enabled.  For more information on data sources see Administer data stores
    OID Host	Fully qualified host name of the OID Host. Default ebs-iam.internalhost.com.
    OID Port	The port used to connect to the OID host. Defaults 3060.
    Bind User	The user use for OID access. Defaults cn=oracleuser.
    Bind User Password	Password for Bind User.
    Base	User search base Default cn=Users,dc=domain,dc=com
    User Search Attribute	Attribute to search OID using. Default CN.
    Matching Attribute	Okta attribute used for matching. Default: USER_NAME. General examples: ${ATTRIBUTE@idp]} - single IDP ${ATTRIBUTE@idp[0]} - multiple IDP Where ATTRIBUTE is an Okta tenant attribute rather then an Access Gateway attribute. Similar, in concept, to matching filter in LDAP DataStores.

11. Click Next when complete.
12. The Attributes page provides a list of attributes that are passed into the application as header fields.
    Confirm the attributes match those required by Oracle Access Gate.

    Datasource	Value	NAME
    idp	email	USER_NAME
    oid	orclguid	USER_ORCLGUID

    As required, use the Edit () icon to modify the name and other values associated with each attribute.
    Add or modify any additional required attributes. See Application attributes. for more information on attribute options.
    
13. Click Next. The Policies pane appears.
14. Leave all policies unchanged and click Done.
    See Managing application policy for more information on application policies.
    

Test the application

The following steps assign the application to a test account and then execute the application to verify basic functionality.

Related topics

• See Access Gateway supported application and version information for details of supported application and version information.
• See Add a generic header application.
• See Add a sample policy application.
• See Troubleshoot applications.
• Add or review application essential settings. See About application essentials and Manage application essentials.
• Add application behaviors. See About application behaviors.
• Add fine grained policy to further protect resources. See About application policy and Manage access control application policy for an overview on user policy and for examples respectively.
• Extend existing policy using custom configuration. See Advanced Access Gateway policy.