Getting Started with Okta Access Gateway
Okta Access Gateway allows you to secure access to your on-premises apps and protect your hybrid cloud, all without changing how your apps work today.
Use Okta Access Gateway to connect Okta to on-premises applications that use header-based, Kerberos, or URL-based authorization.
Okta Access Gateway is one of several elements required to secure applications, including:
- Okta Tenant, or Okta Org - All implementations at Okta start with an Okta Tenant. Your Okta Tenant represents your real-world application, including users and applications, and multi-factor authentication. Users access their org and are presented with a list of administered application tiles which can be used to access their applications. Your Okta tenant manages users, groups, profile information and other details. Your Okta tenant can be your Universal Directory, can be linked to another universal directory, or can be a combination of both.
For information on directory integrations see Directory integrations.
- Access Gateway instances - All Access Gateway implementations include one or more instances of the Okta Access Gateway virtual application. Access Gateway can run in a variety of VM environments as well as on-prem.
For a complete list of supported technologies see Okta Access Gateway Supported Technologies.
- Applications - Applications represent the resources protected by Access Gateway. Access Gateway can protect any number of existing applications. For a complete list of protected applications see Access Gateway Supported Applications.
Access Gateway Components
The Access Gateway solution is implemented within a customer’s infrastructure, and can be deployed in the cloud, on-premises, or within a hybrid solution. It’s provided by Okta as an Open Virtual Appliance (.ova) file.
A deployment of Access Gateway includes:
- Your Users - Represented by a directory service, often your Okta Org.
- Okta Org - Your Okta organization.
- Load Balancer(s) - One or more load balancers.
- Access Gateway instances - One or more Access Gateway instances.
- Application Resources - One or more protected resources.
In addition, Access Gateway can be made fault tolerant through the use of secondary stand-by implementations.
The following are typical first tasks an administrator performs to install and configure an initial instance of Access Gateway.
- Prepare and determine sizing - Carefully review the Access Gateway pre-install requirements and collect appropriate sizing information.
- Install Access Gateway - Access Gateway runs as a software virtual application. Access Gateway can be installed in a number of VM environments, including VMware, AWS, and similar environments.
See Deploy Access Gateway Using an OVA Image for installation details.
- Configure your Okta tenant as an Identity Provider
- Configure Administration Access using SAML
- Generic Header Application
- Sample Cookie Application
- Sample Header Application
- Sample Policy Application
Tracks are pathways through the Access Gateway documentation.
- Access Gateway Supported Applications
- Authentication and authorization overview
- Admin UI Console Overview
- Access Gateway security statement