Application Settings


The purpose of guide is to describe Access Gateway application settings and how they can be used and managed.

What’s covered in this guide

  1. Concepts
  2. Accessing Settings
  3. Essentials
  4. Advanced
  5. Behaviors


When creating an application configuration in Access Gateway, the Settings pane contains core application configuration and is broken into three sub tabs or panes.

Accessing Settings

To access application settings:

  1. Navigate to your Access Gateway InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance. and login.
  2. Select the Applications tab.
  3. Click the pencil icon ()to open an application for edit.


    Clicking an applications label in the Topology pane also opens the application for edit.

  4. Select the Settings tab.


The Essentials pane contains basic information required by all applications.
Depending on the type of application, the Essentials pane may include additional application specific fields.

The Essentials Pane with callouts for the main fields: Label, Public Domain, PostLogin URL and others.

The Essentials pane includes:

Field Description


Label The name of the application. Tile name in Okta Tenant.


Public Domain URL of domain entered by users to gain access to this application. Must be in DNS.


Post Login URL Default URL users will be directed to on successful authentication. Defaults to Public Domain.


GroupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups. Okta Tenant group(s) who are granted access to application.


Description Optional description


Service Provider Metadata

Metadata about the application can be obtained using the Service Provider Metadata button.

Service Provider Metadata is used when additional details about the application are required. Note that metadata can also be downloaded if required.
Service Provider meta data example


The Advanced pane includes additional fields supporting targeting more specific features such as session time out, duration, content re-writing, certificate use and more.

The Advanced pane includes:

Field Description Comments
Browser Session Expiration Application Session will be set to expire with the browser's session Default: Disabled.
Idle Session Duration Will destroy application session if user is idle for this duration. Default: 1h.
For example 60s, 30m.
Minimum 60s
Maximum Session Duration Maximum application session duration. Enter zero for no max session.
Format number with d, s, m or h.
Default: 8h
Default unit is seconds if no unit specified.

Deep LinkingAllows users to directly access parts of an application. If supported, users can navigate to a deep link and authenticate to an application using SP-initiated SAML SSO. After authentication, the user will be re-directed to a specific page in the SP instead of the homepage. Dynamically redirect browser to application URI after login. If disabled, only redirect to Post Login URL after login Default: Enabled
Enforce Deep linking Domain When enabled, Access Gateway only allow deep links that share the public domain name. If deep link domain does not match, Access Gateway will only use the post login URL Default: Enabled

Content Rewrite

Access Gateway will attempt to rewrite URLs and redirects in application HTML content

Default: Enabled

Host header

Access Gateway will send the Host header to backend application

Default: Disabled

Certificate Type

Create a wildcard or host-only certificate

Default: Enabled. Create host-only certificate.

Debug mode

Puts this appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. into debug mode.
Useful for initial setup and troubleshooting. Can have significance impact on system performance and should be disabled in production systems

Default: Enabled

Maximum File Upload Size Maximum file upload size. 0 = unlimited.

Default: 1MB

Backend Timeout duration

0 is unlimited. File must be smaller than this value

Backend Timeout duration


Minimum timeout for reads to backend system.

Default:1m Format:#units



  • Provide a specialized mechanism for handling a variety of unusual or unexpected conditions.
  • Allow for the definition of specialized actions such as:
    • Logout - What to do when users log out.
    • Error - Define actions based on errors.
    • Policy - Define actions based on denying policy.
    • Inactive or offline applications - Define actions based on unavailable applications.

Behaviors are covered in detail in Administer Behaviors.