Managing Application Attributes

To manage application attributes:

  1. Navigate to the Access Gateway Admin UI console.
  2. From the Topology tab or the Applications tab open the application.
  3. Select the Attributes pane.
    Selecting the Attributes tab allows you to add, delete, edit or test an application attribute.
    The list of known attributes for the application will display and resemble:

    . . .
  4. From the available set of attributes choose one of:
    Add a new attribute
    Delete an existing attribute
    Modify an existing attributeModify attribute(pencil) icon.
    Test an attribute setModify attribute(pencil) icon.

Add a new attribute

  1. Select the Add () icon in the attribute list header.
    The new Attribute dialog will be displayed.
    Note you may need to scroll the display as new attributes are added at the bottom.
  2. From the Data Source drop down select an appropriate data source.
    See Data Source Types below for a list of supported data source types and their meaning.
  3. From the Field drop down select a field name.
  4. From the Type drop down select the appropriate target type, either Header or Cookie.
  5. In the Name field enter the name for the header or cookie value expected by the legacy application.
    For example, to map the idP field username to the header field login, we would create an attribute resembling:
    Example mapping of idP field login to to header field username.
  6. Click Okay when the attribute is complete.

Delete an existing attribute

  1. Select the delete () icon next to the attribute to be deleted.
  2. In the confirm dialog click Yes to delete the attribute or No to cancel the delete operation.

Modify an existing attribute

  1. Select the edit (Modify attribute(pencil) icon.) icon next to the attribute to be modified.
    The Edit existing Attribute dialog will be displayed.
  2. Modify the attribute as required.
  3. Click Okay to save the modified Attribute or Cancel to cancel the modification.

Test an attribute set

  1. Select the test (Modify attribute(pencil) icon.) icon in the attribute list header.
    The simulator dialog will display.
  2. Enter a value for any field that you wish to test.
  3. Click Test.
  4. Examine the result. Note you may need to scroll the simulator window down to see the test results.
  5. Modify a value and re-run the test or click Close to close the simulator dialog.

Attributes Fields

Application attributes are defined using the following fields:

Field Description
Send Flag Controls whether an attribute is present or not present within a header or cookie.
Attributes used for policy decisions ate typically set to Don't Send.

Datasource Originating source for the contents of the attribute.  Can be any of a number of sources including idP, various contexts, Data Stores and others.

Field and Record Number

Either Field and Record Number, of Value.
For static and secret attributes, the value field represents a fixed value for the attribute.

For non-static fields Field used as the source for the attribute.

Record Number is only present with non-static fields. and represents which of a multi-value variable will be selected. Record Value can be one of:

  • n: Where n represents the specific record number in the input. Default, value 0.
  • #: return the total number of records in the input.
  • @: Concatenate all values, using :(colon) as separator.
    For example ":value1:value2:value3:"

Maximum length: 128 characters.


Method for passing attributes. Can be one of:

  • Header: Attribute will be passed in a header.

  • Cookie: Attribute will be passed in a cookie.


Associated field in either the header or cookie.
Maximum length: 128 characters.

Datasource Types

The Data Source field defines the source for the value of the attribute. The following data sources are available:

Data Source Description
IDP The value of the is populated from the IDP field selected in the Value field. This is your Okta Tenant
Static The value of the attribute is fixed and defined in the Value field
Secret The value of the attribute is a static protected value, used as a secret key by the application in order to trust the headers that originate from the Access Gateway.


The value of the attribute comes from the OID datasource. The OID Datasouce is available in the Oracle E-Business Suite and other application types which provide LDAP support. Typically used to to retrieve the Oracle GUID.

Auth Context The value of the attribute comes from the authentication context which includes the remote address and session id
App Context The value of the attribute comes from the application context and includes such fields as domain, cookie domain,