Application Settings

Overview

The purpose of this guide is to describe Access Gateway application settings and how they can be used and managed.


What’s covered in this guide

  1. Concepts
  2. Accessing Settings
  3. Essentials
  4. Advanced
  5. Behaviors

Concepts

When creating an application configuration in Access Gateway, the Settings pane contains the core application configuration and is divided into three sub-tabs, or panes.

Accessing Settings

To access application settings:

  1. Navigate to your Access Gateway instance (a virtual machine or individual physical computer used to host a software appliance) and log in.
  2. Select the Applications tab.
  3. Click the pencil icon to open an application for editing.

     Note: Clicking an application's label in the Topology pane also opens the application for editing.

  4. Select the Settings tab.

Essentials

The Essentials pane contains basic information required by all applications.
Depending on the type of application, the Essentials pane may include additional application-specific fields.

Figure: The Essentials pane, with callouts for the main fields: Label, Public Domain, Post Login URL and others.

The Essentials pane includes:

Field | Description | Comments
Label | The name of the application. Tile name in Okta Tenant. | Required
Public Domain | URL of the domain entered by users to gain access to this application. Must be in DNS. | Required
Post Login URL | Default URL users will be directed to on successful authentication. Defaults to Public Domain. | Optional
Groups | Okta Tenant group(s) who are granted access to the application. Groups allow you to organize your end users and the apps they can access; assigning apps to large sets of end users is made easier with groups. | Required
Description | Optional description | Optional

Service Provider Metadata

Metadata about the application can be obtained using the Service Provider Metadata button.

Service Provider Metadata is used when additional details about the application are required. Note that metadata can also be downloaded if required.
Figure: Service Provider metadata example

Advanced

The Advanced pane includes additional fields that target more specific features such as session timeout and duration, content rewriting, certificate use and more.

Figure: The Advanced pane

The Advanced pane includes:

Field | Description | Comments
Browser Session Expiration | Application session will be set to expire with the browser's session. | Default: Disabled
Idle Session Duration | Destroys the application session if the user is idle for this duration. | Default: 1h. Format: #units, for example 60s, 30m. Minimum: 60s
Maximum Session Duration | Maximum application session duration. Enter zero for no max session. Format: number with d, s, m or h. | Default: 8h. Format: #units. Default unit is seconds if no unit is specified.
Deep Linking | Dynamically redirect the browser to the application URI after login. If disabled, only redirect to the Post Login URL after login. | Default: Enabled
Enforce Deep linking Domain | When enabled, Access Gateway only allows deep links that share the public domain name. If the deep link domain does not match, Access Gateway will only use the Post Login URL. | Default: Enabled
Content Rewrite | Access Gateway will attempt to rewrite URLs and redirects in application HTML content. | Default: Enabled
Host header | Access Gateway will send the Host header to the backend application. | Default: Disabled
Certificate Type | Create a wildcard or host-only certificate. | Default: Enabled. Create host-only certificate.
Debug mode | Puts this application into debug mode. Useful for initial setup and troubleshooting. Can have significant impact on system performance and should be disabled in production systems. | Default: Enabled
Maximum File Upload Size | Maximum file upload size. 0 is unlimited. File must be smaller than this value. | Default: 1MB
Backend Timeout duration | Minimum timeout for reads to backend system. | Default: 1m. Format: #units

Note: Deep linking allows users to directly access parts of an application. If supported, users can navigate to a deep link and authenticate to an application using SP-initiated SAML SSO. After authentication, the user is redirected to a specific page in the SP instead of the homepage.
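
The Deep Linking and Enforce Deep linking Domain rules from the table above, written out as an added example (this is not Access Gateway's own code). It assumes that "share the public domain name" means an exact host match against the Public Domain URL; the function name, its parameters and the sample domains are illustrative.

```python
from urllib.parse import urlsplit


def resolve_redirect(public_domain, post_login_url, deep_link,
                     deep_linking=True, enforce_domain=True):
    """Pick the post-login redirect target (assumed semantics, see lead-in)."""
    # Post Login URL defaults to the Public Domain when it is not set.
    fallback = post_login_url or public_domain
    if not deep_linking or not deep_link:
        return fallback
    # Browsers treat "\" as "/" and drop tabs and newlines, so a link
    # containing them may not go where the parser thinks; refuse it.
    if deep_link != deep_link.strip() or any(c in deep_link for c in "\\\t\r\n"):
        return fallback
    try:
        target, allowed = urlsplit(deep_link), urlsplit(public_domain)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return fallback
    if not target.scheme and not target.netloc:
        # Path-only link: anchor it to the public origin so it cannot leave it.
        if not deep_link.startswith("/"):
            return fallback
        return f"{allowed.scheme}://{allowed.netloc}{deep_link}"
    # Only web URLs with a host; this also refuses "//host/path" and "javascript:".
    if target.scheme not in ("http", "https") or not target.hostname:
        return fallback
    # Compare parsed hostnames, never substrings: userinfo ("good@other") and
    # look-alike suffixes ("good.other") must not pass.
    if enforce_domain and target.hostname != allowed.hostname:
        return fallback
    return deep_link


if __name__ == "__main__":
    PUBLIC = "https://app.example.com"          # constructed sample values
    POST = "https://app.example.com/home"
    for link in ("https://app.example.com/reports/42", "/reports/42",
                 "https://other.example.net/login", "//other.example.net/x"):
        print(f"{link!r:45} -> {resolve_redirect(PUBLIC, POST, link)}")
```

With enforcement disabled, the third sample link would be followed as given, which is why the setting defaults to Enabled.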

Behaviors

Behaviors:

  • Provide a specialized mechanism for handling a variety of unusual or unexpected conditions.
  • Allow for the definition of specialized actions such as:
    • Logout - What to do when users log out.
    • Error - Define actions based on errors.
    • Policy - Define actions based on denying policy.
    • Inactive or offline applications - Define actions based on unavailable applications.

Behaviors are covered in detail in Administer Behaviors.
