Add a Sample Proxy Application
The purpose of this tutorial is to walk through the process of setting up a sample proxy application through the Access Gateway AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Console.
Proxy applications are typically used to redirect a request from one URL to another, or often to use a query or similar mechanism to redirect from a root URL plus a resource path to a specific URL.
- Access Gateway is installed and configured for use.
See Setup Access Gateway Using an OVA Image
- Access Gateway has been configured to use your Okta tenant as iDPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta..
See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an idP.
- You have administrator rights on your Okta tenant and can assign applications to users, and create groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups..
Appropriate DNS entries exist for the application.
- Navigate to your Access Gateway InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance. and login as admin.
- Click the Applications tab
- Click + Add to add a new application.
Select the Access Gateway Sample Policy option from the left column menu, and click Create.
The New Protected Application wizard will start and display the Setting tab for the application being added.
In the Essentials pane specify the following:
Field Value Label A name for the application. Default is Sample Policy AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in.. Public DomainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). A fully qualified host name such as policy.<your domain tld> Protected Web Resource Web resource protected by application Group Enter the group containing the users who should have access to the application. Description [optional] An appropriate description for your application.
Review the Essentials page and then click Next.
Review the Attributes page and then click Next.
Review the Policy page which includes a set of sample policies for redirecting requests.
Select one of the policy statements and click the pencil() icon to open it.
Each Policy statement includes a resource path and advanced configuration.
Expand the Advanced section.
Redirecting requests can require changes to the request. Changes often include resetting header or cooke fields as well as others.
Some common examples are provided below.
For more information see:
When Complete click Okay.
When complete click Done.
Access Gateway will add the new application and then redirect to the Applications tab.
Select IDP Initiated from the drop down menu to verify the application is working.
- In the application page, review and verify that the Sample Policy App matches your profile information.
- Add or review application settings. For more details see Application Settings.
- Add application behaviors. For details and examples of behaviors seeAdminister Behaviors
- Add fine grained policy to further protect resources.
An overview of user policy can be found in Application Policy User Overview.
For details and examples of policy see Administration User Policy Guide.
- Extend existing policy using Custom configuration, see Advanced Policy.
- Define one or more certificates for use with this application. See Certificate Management
- Add supplemental database or LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. based data stores. For more information see Administer DataStores