Sample proxy application

The purpose of this tutorial is to walk through the process of setting up a sample proxy application through the Access Gateway Admin UI console.
Proxy applications are typically used to redirect a request from one URL to another. They often use a query or similar mechanism to redirect from a root URL plus a resource path to a specific URL.
Example proxy forwarding

Before you begin

Ensure that:

  • Access Gateway is installed and configured for use.
    See Manage Access Gateway deployment.
  • Access Gateway has been configured to use your Okta tenant as IDP.
    See Configure your Okta tenant as an Identity Provider for more information about configuring your Okta tenant as an IDP.
  • You have administrator rights on your Okta tenant and can assign applications to users and create groups.
  • Appropriate DNS entries exist for the application.

Create sample proxy application

  1. Sign in to the Access Gateway Admin UI console.
  2. Click the Applications tab.

  3. Click +Add to add a new application.

  4. Select the Access Gateway Sample Policy option from the left column menu, and click Create.

    Select add and click Sample Proxy App.

    The New Protected Application wizard will start and display the Setting tab for the application being added.

  5. In the Essentials pane specify the following:

    Field Value
    Label A name for the application. Default is Sample Policy App.
    Public Domain A fully qualified host name, such as policy.<your domain tld>
    Protected Web Resource The Web resource protected by application
    Group Enter the group containing the users who should have access to the application.
    Description Optional. An appropriate description for your application.
  6. Important Note


    While optional, Okta recommends that all applications include certificates.
    See About Access Gateway certificates for general information about certificate.
    See Certificate management tasks for a general task flow for obtaining and assigning certificates.  

  7. Expand the Certificates tab.


    By default a wildcard self signed certificate is created and assigned to the application when the application is initially created.

  8. Optional. Click Generate self-signed certificate

    A self-signed certificate is created and automatically assigned to the application.
  9. Optional. Select an existing certificate from the list of provided certificates.
    Use the Search field to narrow the set of certificates by common name.
    Use the page forward (>)and backward(<) arrows to navigate through the list of available certificates.

  10. Cick Next.

  11. Review the Attributes pane and then click Next.

  12. Review the Policy pane which includes a set of sample policies for redirecting requests.

  13. Select one of the policy statements and click Edit.
    Examine policy for redirection.

  14. Each policy statement includes a resource path and advanced configuration.
    Expand the Advanced section.
    Examine a redirect policy.
    Redirecting requests can require making changes to the request. Changes often include resetting header or cookie fields as well as others.
    Some common examples are provided in the following image.

    Examine Advanced configuration.
    See NGINX Proxy set header and NGINX proxy cookie domain.

  15. Click Okay.

  16. Click Done. Access Gateway adds the new application and then redirects to the Applications tab.


  1. Click Goto application and select IDP Initiated to verify that the application is working.

    Test a sample proxy application

  2. In the application page, review and verify that the sample policy app matches your profile information.
    Example proxy application

Related topics