Add an Oracle Access Gate Application

Overview

The purpose of this tutorial is to walk through the process of setting up an Oracle Access Gate application through the Access Gateway AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console.

Prerequisites

Access Gateway is installed and configured for use.
See Deploy Access Gateway Using an OVA Image
Access Gateway has been configured to use your Okta tenant as iDPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta..
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an idP.
You have administrator rights on your Okta tenant and can assign applications to users, and create groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
An external Oracle Access Gateway Server based application which requires protection.
Appropriate DNS entries for both the legacy application and the exposed new URL exist.

Appropriate DNS entries for both the protected application and the external URL for example:

Value	Description
https://externalOAG.externalexample.com	External or customer facing application URL.
https://internalOAG.internalexample.com	Internal or protected application URL of Oracle EBS Access Gate.

Access information for the OID instance is available, including:

Value	Description
Name of OID Host	The resolvable name of the machine hosting OID.
OID Port	OID Port
Bind Name/password	The binding name and password on the OID host.
CN cn=Users,dc=domain,dc=com	User search attribute and base

Create the Application in Access Gateway

Navigate to your Access Gateway InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance..
In the Access Gateway Admin UI, sign in as an administrator.
Click the Applications tab.
Click +Add to add a new application.
Select the Oracle WebLogic option from the left column menu, and click Create.

The New Protected Application wizard will start and display the Essentials pane for the application being added.

In the Essentials pane specify the following:

Field	Value
Label	A name for the application.
Public Domain	A fully qualified host name such as <yourexteralname>.<your domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https).>. In the example provided this would be ebs-app.externalexample.com.
Protected Web Resource	The URL of the internal, protected, application. In the example provided this would be ebs-app.internalexample.com:<port>/<path> Where: port - the port Oracle Access Gate is listening on for http requests. path - represents the path to the application.
Group	Enter the group containing the users who should have access to the application.
Post Login URL	Enter or modify the post login URL. By default this field is enabled and contains value: ebs-app.externalexample.com/OA_HTML/AppsLogin
Description	[optional] An appropriate description for your application.

Click Next.
The Applications pane appears.

The Applications page provides a list settings particular to Oracle Access Gate.
Confirm the following fields and click Validate.
Click Next when complete.

Field	Value
OID Datasource	Enabled. For more information on data sources seeAdminister DataStores
OID Host	Fully qualified host name of the OID Host. Detault ebs-iam.internalhost.com.
OID Port	The port used to connect to the OID host. Defaults 3060.
Bind User	The user use for OID access. Defaults cn=oracleuser.
Bind User Password	Password for Bind User.
Base	User search base Default cn=Users,dc=domain,dc=com
User Search Attribute	Attribute to search OID using. Default CN.
Matching Attribute	Attribute used for matching in the attributes step. Default: USER_NAME.

The Attributes page provides a list of attributes that will be passed into the application as header fields.
Datasource
Value
NAME
idp
email
USER_NAME
oid
orclguid
USER_ORCLGUID
Use the pencil icon icon to edit the name and other values associated with this attribute as required.
Add or modify any required attributes, and click Next.
For more information on the attribute options, see Application Attributes.
The Policies pane appears.
Leave all policies unchanged and click Done.
For more information on Application policies see Application Policy Overview and Administration User Policy Guide.

Datasource	Value	NAME
idp	email	USER_NAME
oid	orclguid	USER_ORCLGUID

Test the Application

The following steps assign the application to a test account and then execute the application to verify basic functionality.

Assign the application

Login to your Okta tenant as administrator.
Select Application > Applications.
Click the name of the newly added header application.
Select the Assignments tab.
Select Assign > Assign To People.
Select an appropriate user and click Assign.

Note

Testing is typically initially done using the same user who is associated with administering Access Gateway
Click Done.

Execute the Application

Return to the Access Gateway admin console.
On the row representing the newly added appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in., select one of Goto application > IDP Initiated or Goto application > SPAn acronym for service provider. Generally, an SP is a company, usually providing organizations with communications, storage, processing, and a host of other services. Within Okta, it is any website that accepts SAML responses as a way of signing in users, and has the ability to redirect a user to an IdP (e.g., Okta) to begin the authentication process. Initiated.
Verify the resulting page displays as expected.
Close the results page.

Next Steps

Add or review application settings. For more details see Application Settings.
Add application behaviors. For details and examples of behaviors see Administer Behaviors.
Add fine grained policy to further protect resources.
An overview of user policy can be found in Application Policy User Overview.
For details and examples of policy see Administration User Policy Guide.
Extend existing policy using Custom configuration, see Advanced Policy.
Define one or more certificates for use with this application. See Certificate Management
Add supplemental database or LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. based data stores. For more information see Administer DataStores

Top