VMWare vSphere/EXSi Deploy Tasks

 Deploying to VMWare vSphere/ESXi involves the following tasks:



VMWare vSphere/EXSi Deployment Tasks

Task Description Related Topic(s)
Download the latest OVA Download current version of the Access Gateway OVA. Download the latest OVA image
Import Import the OVA into VMWare vSphere/ESXi. Deploy OVA to VMWare vSphere/ESXi

Post Deployment Tasks

All deployments of Access Gateway require a set of common tasks including:

Task Description Related Topic(s)

First Login

Reset the Access Gateway command line interface password.
Reset the virtual appliance at the command line.

First login to Command Line Console
Initialize Access Gateway Command line

Determine the IP Address assigned and configure DNS Determine Access Gateway IP address.

Configure required /etc/hosts adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. entry
Configure required DNS entries.
Determine Access GatewayIP address, for non-AWS instances.
Configure Admin /etc/hosts entry
ConfigureAccess Gateway DNS
Initialize Access Gateway

Initialize the cookie domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https). and instance hostname.

Initialize Access Gateway Console
Configure an identity provider

Configure Okta tenant as identify provider

Setup SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. Access.

Configure your Okta tenant as an Identity Provider

Configure SAML access to Access Gateway from your Okta tenant

Configure Okta Tenant to allow access to Access Gateway using SAML.

Configure Administration Access using SAML

Important Note


When creating a set of Access Gateway nodes, for use in a High Availability ClusterA group of computer instances (physical or virtual) within a given infrastructure used together for a single purpose., care should be taken to name the nodes appropriately.
Note also, node names must be resolvable between Access Gateway instances other before configuring High Availability.