Okta Groups for Access Gateway
All Access Gateway applications require one or more groups. These groups are used to grant or deny access to the protected application's resources. Within your Okta tenant you will need to define one or more groups representing the sections of your application being protected. Where more complex policy is required, multiple groups may be required.
- You have administrator rights on your Okta tenant and can assign applications to users and create groups.
See the policy guide for information on defining fine-grained application policy. In addition, you may define additional attribute field values required by your application but outside those provided by default.
To define groups within your Okta tenant:
- Log in to your Okta tenant as administrator.
- Select Directory > Groups.
- Using the Add Group button, create one or more groups.
- Click the name of the newly added group and use the various menu items to add and otherwise manage group membership.
User and group management is outside the scope of this document. See Users and Groups for details of user and group management.
- Add or review application settings. For more details see Application Settings.
- Add application behaviors. For details and examples of behaviors see Administer Behaviors.
- Add fine-grained policy to further protect resources.
An overview of user policy can be found in Application Policy User Overview.
For details and examples of policy see Administration User Policy Guide.
- Extend existing policy using custom configuration. See Advanced Policy.
- Define one or more certificates for use with this application. See Certificate Management.
- Add supplemental database or LDAP-based data stores. For more information see Administer DataStores.