Managing Application Attributes

To manage application attributes:

  1. Sign in to your Access Gateway InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance..
  2. From the Topology tab or the Applications tab open the application.
  3. Select the Attributes pane.
    Selecting the Attributes tab allows you to add, delete, edit or test an application attribute.
    The list of known attributes for the application will display and resemble:

    . . .
  4. From the available set of attributes choose one of:
    Add a new attribute
    Delete an existing attribute
    Modify an existing attributeModify attribute(pencil) icon.
    Test an attribute setModify attribute(pencil) icon.

Add a new attribute

  1. Select the Add () icon in the attribute list header.
    The new Attribute dialog will be displayed.
    Note you may need to scroll the display as new attributes are added at the bottom.
  2. From the Data Source drop down select an appropriate data source.
    See Data Source Types below for a list of supported data source types and their meaning.
  3. From the Field drop down select a field name.
  4. From the Type drop down select the appropriate target type, either Header or Cookie.
  5. In the Name field enter the name for the header or cookie value expected by the legacy application.
    For example, to map the idPAn acronym for Identity Provider. It is a service that manages end user accounts analogous to user directories such as LDAP and Active Directory, and can send SAML responses to SPs to authenticate end users. Within this scenario, the IdP is Okta. field username to the header field login, we would create an attribute resembling:
    Example mapping of idP field login to to header field username.
  6. Click Okay when the attribute is complete.

Delete an existing attribute

  1. Select the delete () icon next to the attribute to be deleted.
  2. In the confirm dialog click Yes to delete the attribute or No to cancel the delete operation.

Modify an existing attribute

  1. Select the edit (Modify attribute(pencil) icon.) icon next to the attribute to be modified.
    The Edit existing Attribute dialog will be displayed.
  2. Modify the attribute as required.
  3. Click Okay to save the modified Attribute or Cancel to cancel the modification.

Test an attribute set

  1. Select the test (Modify attribute(pencil) icon.) icon in the attribute list header.
    The simulator dialog will display.
  2. Enter a value for any field that you wish to test.
  3. Click Test.
  4. Examine the result. Note you may need to scroll the simulator window down to see the test results.
  5. Modify a value and re-run the test or click Close to close the simulator dialog.

Attributes Fields

Application attributes are defined using the following fields:

Field Description
Send Flag Controls whether an attribute is present or not present within a header or cookie.
Attributes used for policy decisions ate typically set to Don't Send.

Datasource Originating source for the contents of the attribute.  Can be any of a number of sources including idP, various contexts, Data Stores and others.

Field and Record Number

Either Field and Record Number, of Value.
For static and secret attributes, the value field represents a fixed value for the attribute.

For non-static fields Field used as the source for the attribute.

Record Number is only present with non-static fields. and represents which of a multi-value variable will be selected. Record Value can be one of:

  • n: Where n represents the specific record number in the input. Default, value 0.
  • #: return the total number of records in the input.
  • @: Concatenate all values, using :(colon) as separator.
    For example ":value1:value2:value3:"

Maximum length: 128 characters.


Method for passing attributes. Can be one of:

  • Header: Attribute will be passed in a header.

  • Cookie: Attribute will be passed in a cookie.


Associated field in either the header or cookie.
Maximum length: 128 characters.

Datasource Types

The Data Source field defines the source for the value of the attribute. The following data sources are available:

Data Source Description
IDP The value of the is populated from the IDP field selected in the Value field. This is your Okta Tenant
Static The value of the attribute is fixed and defined in the Value field
Secret The value of the attribute is a static protected value, used as a secret key by the application in order to trust the headers that originate from the Access Gateway.


The value of the attribute comes from the OID datasource. The OID Datasouce is available in the Oracle E-Business Suite and other application types which provide LDAPLightweight Directory Access Protocol (LDAP) is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection oriented transfer services. support. Typically used to to retrieve the Oracle GUID.

Auth Context The value of the attribute comes from the authentication context which includes the remote address and session id
AppAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. Context The value of the attribute comes from the application context and includes such fields as domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https)., cookie domain,