Understanding Okta Access Gateway
Okta Access Gateway is one of several elements required to secure applications, including:
- Okta Tenant, or Okta Org - All implementations at Okta start with an Okta Tenant. Your Okta Tenant represents your real-world application, including users, applications, and multi-factor authentication. Users access their org and are presented with a list of administered application tiles which can be used to access their applications. Your Okta tenant manages users, groups, profile information and other details. Your Okta tenant can be your Universal Directory, can be linked to another universal directory, or a combination of both. For information on directory integrations see Directory integrations.
- Access Gateway - All Access Gateway implementations include one or more instances of the Okta Access Gateway virtual application. Access Gateway can run in a variety of VM environments as well as on-prem. For a complete list of supported technologies see Okta Access Gateway Supported Technologies.
- Applications - Applications represent the resources protected by Access Gateway. Access Gateway can protect any number of existing applications. For a complete list of protected applications see Application types.
Access Gateway Components
The Access Gateway solution is implemented within a customer’s infrastructure, and can be deployed in the cloud, on-premise, or within a hybrid solution. It’s provided by Okta as an Open Virtual Appliance (.ova) file.
The architecture of Access Gateway includes:
- Your Users - Represented by a directory service
- Okta Org - Your Okta organization
- Load Balancer(s) - One or more load balancers
- Access Gateway instances - One or more access gateway instances
- Application Resources - One or more protected resources.
In addition, Access Gateway can be made fault tolerant through the use of secondary standby implementations.
The following are typical first tasks an administrator performs to install and configure an initial instance of Access Gateway.
- Prepare and determine sizing - Carefully review the Access Gateway pre-install requirements and collect appropriate sizing information.
- Install Access Gateway - Access Gateway runs as a software virtual application. Access Gateway can be installed in a number of VM environments, including VMware, AWS, and similar environments.
See Setup Access Gateway Using an OVA Image for installation details.
- Configure your Okta tenant as an Identity Provider
- Configure Administration Access using SAML
- Add a Generic Header Application
- Add a Sample Cookie Application
- Add a Sample Header Application
- Add a Sample Policy Application