Introduction to Access Gateway
You can use Okta Access Gateway to connect Okta to on-premises applications that use header-based, KerberosKerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner., URL-based authorization and more.
Access Gateway helps you to seamlessly integrate your on-premise applications with Okta's Cloud SSOAn acronym for single sign-on. In a SSO system, a user logs in once to the system and can access multiple systems without being prompted to sign in for each one. Okta is a cloud-based SSO platform that allows users to enter one name and password to access multiple applications. Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in. Okta provides a seamless experience across PCs, laptops, tablets, and smartphones. capabilities.
Access Gateway is an ideal solution for any Okta customer where:
Your enterprise wants to unify all IAM under an Okta platform, but requires integration with applications that do not support federation (SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated., WS-Fed).
Your vendors, customers, or partners must access your internal business applications (such as SharePoint, Oracle E-Business Suite, and others) from the internet.
You must restrict unauthorized network access to your applications.
Your enterprise has web applications that lack a native authentication mechanism.
Your company is looking for a cost-effective replacement for your on-premise Web Access Management (WAM) solution.
Installing the Access Gateway on your own virtualization platform, or on a cloud-based computing platform (such AWS, Google, Azure and others), is a simple process. Access Gateway is a high-performance appliance that is installed within your hosting solution of choice and leverages your DNS and networking to provide services.
An Access Gateway deployment is typically composed of :
- Okta Tenant, or Okta OrgThe Okta container that represents a real-world organization. (1) - All implementations at Okta start with an Okta Tenant. Your Okta Tenant represents your real world application including users and applications, and multi-factor authentication. Users access their org and are presented with a list of administered application tiles which can be to access their applications. Your Okta tenant manages users, groupsGroups allow you to organize your end users and the apps they can access. Assigning apps to large sets of end users is made easier with groups., profile information and other details. Your Okta tenant can be your Universal DirectoryUniversal Directory enables you to store an unlimited amount of users and attributes from applications and sources like AD or HR systems. Any type of attributes are supported including linked-objects, sensitive attributes, and pre-defines lists. All of it accessible by all apps in our OIN catalog, over LDAP or via API., can be linked to another universal directory or a combination of both.
- Virtualization Environment (2) - The Okta Access Gateway is a virtual appliance and must be hosted in an appropriate virtualization environment. Access Gateway can be hosted directly on any computer which support Oracle Virtual Box v6.0 or later. In additional the Access Gateway Virtual Appliance can be installed in other supported environments such as AWS, Microsoft Azure, Google Cloud, and Oracle Cloud Infrastructure.
- Virtual Appliance(3) - Access Gateway is a 100% self contained virtual application. The appliance is downloaded from your Otka org using the Settings > Downloads page and then can be deployed in any supported environment. Once deployed Access Gateway can be easily managed using command line and GUI based tools. In High Availability scenarios Access Gateway is deployed as many times as required to meet reliability and throughput requirements.
- Protected Applications (4) - The core purpose of Access Gateway is to protect application resources. These resources may be Header based applications, SAML applications, custom Web applications, Kerberos based applications, or others.
- Policy - Access Gateway can protect applications using fine grained application policy. Groups of users can be defined and individual parts of applications protected using various policy statements.