Application integration Frequently Asked Questions
Access Gateway application integration frequently asked questions and best practices.
Question: After adding an app using the Access Gateway Console UI, I made a change to the app in my Okta tenant. Specifically, I modified the attributes being sent, and later noticed these changes weren't reflected in Access Gateway. What am I doing wrong?
Answer: You should never modify Access Gateway application attributes in your Okta tenant. All modification should be done using the Access Gateway Admin UI only. Your Okta tenant doesn't push application attribute changes to Access Gateway, and the next time the app is updated in Access Gateway those updates will overwrite any changes made in your Okta tenant. You should never change an application's SAML attributes in your Okta tenant directly.
Question: During initial development and testing, I assigned an application to the Everyone group using the Access Gateway Admin UI. Can I modify the application group within my Okta tenant?
Answer: Yes, changes made to the group assignments for an application are reflected in the Access Gateway Console UI for the affected application.
Question: Is there a set of common configuration changes I can make through the Okta tenant Admin Console?
Answer: Yes, areas which can be modified through your Okta tenant include groups, sign-in policy, hiding or displaying the application tile, and activating and deactivating the application.
Question: I created a test application using the Access Gateway Admin UI and deleted it within my Okta tenant. Is there anything else I need to do?
Answer: Applications can be deactivated and deleted within your Okta tenant. The application definition within Access Gateway is NOT deleted. To completely remove an application from within Access Gateway you must delete it using the Access Gateway Admin UI.
Question: Help! I accidentally deleted an Access Gateway application from within my Okta tenant! Can it be restored?
Answer: Yes! Access Gateway applications can be recreated within your Okta tenant by simply opening the application for edit. If the application was removed from your Okta tenant, you will be asked if you wish to recreate it; answer yes. The application will then be recreated within your tenant. Keep in mind that previous changes made using the Okta Org Admin UI, such as adding, deleting or modifying group assignments, must be reconfigured against what is effectively a new application.
Question: Can I call out to a third party system and manipulate data before Okta passes the data to Access Gateway?
Answer: Yes, there are several ways to do this. You could configure an Okta SAML Hook to change data, but if the app is updated in the Access Gateway, the hook information will be lost. You can also use Universal Directory to store the modified data in a custom attribute in the Okta user profile.
A third option is to use Access Gateway data stores to connect to either an LDAP or SQL database. You can then use that data store to add additional application data.
Question: I want to completely delete an Access Gateway app. How do I do that?
Answer: To completely delete an app, first delete it from Access Gateway using the Access Gateway Admin UI. Then, within your Okta tenant, disable the app, and delete the app.