Configure SAML access to your Okta Tenant

Access to Access Gateway from your Okta tenant can be configured using SAML. Once configured, an administrator can quickly log in to Access Gateway using a tile.

While not strictly required, it is considered a best practice to configure access to the Access Gateway UI console from Okta. This page walks through configuring Access Gateway with an Okta tenant so that the Gateway Admin UI accepts a SAML token from Okta for authentication. We will also create an application tile on the Okta Applications page that administrators use to access the Gateway Administration UI.

Create a Token

  1. In your browser, navigate to your Okta org and log in as an administrator.

  2. Click Security > API.

  3. Select the Tokens tab.

  4. Click Create Token.

  5. Enter an appropriate name for the token. For example, OAG Admin Access Token.
    Note: All access to the Okta Access Gateway will be tracked using this token name.

  6. Select and copy the token value.
    Note: Token text is only available during creation. You will NOT be able to retrieve the text of the token at a later time.
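
If you want to confirm that the copied token is accepted by your org before entering it in Access Gateway, the following is one way to check it from a shell. This is an added example, not part of the original page or of Okta's tooling; the function names and the OKTA_ORG and OKTA_API_TOKEN environment variable names are assumptions made here, and it needs curl 7.55 or later for `-H @-`.

```shell
#!/bin/sh
# Added example: pre-check an Okta API token against GET /api/v1/users/me.
# OKTA_ORG and OKTA_API_TOKEN are variable names assumed for this example.

# Turn the "Okta Org" value (for example myorg.okta.com) into an https base URL.
# Refuses plain http and anything that is not a bare host name.
okta_base_url() {
    org=$1
    case $org in
        http://*) echo "refusing non-TLS org URL" >&2; return 1 ;;
        https://*) org=${org#https://} ;;
    esac
    org=${org%/}
    case $org in
        ''|*[!A-Za-z0-9.-]*) echo "invalid org host: $org" >&2; return 1 ;;
    esac
    printf 'https://%s\n' "$org"
}

# Print the HTTP status returned for the token: 200 means the token is
# accepted, 401 means it was rejected (mistyped, expired or revoked).
# The Authorization header is fed to curl on stdin so the token does not
# appear in the process list or in shell history.
check_okta_token() {
    base=$(okta_base_url "$OKTA_ORG") || return 1
    [ -n "${OKTA_API_TOKEN:-}" ] || { echo "OKTA_API_TOKEN not set" >&2; return 1; }
    printf 'Authorization: SSWS %s\n' "$OKTA_API_TOKEN" |
        curl -sS -o /dev/null -w '%{http_code}\n' \
             -H @- -H 'Accept: application/json' \
             "$base/api/v1/users/me"
}
```

Set OKTA_ORG, read the token into OKTA_API_TOKEN with `read -r` rather than typing it on a command line, then run `check_okta_token`.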

Add Okta as IDP

  1. In your browser, navigate to the Access Gateway Admin UI console as Admin.

  2. Click Settings.

  3. Select the Identity Providers tab.

  4. In the Identity Providers pane, click the + icon and select Okta.

  5. Select the Identity Providers tab.

  6. Complete the Add New Okta IDP step by providing the following values:

    Attribute       Value
    Name            A descriptive name
    Okta Org        Your Okta Org URL. For example, myorg.okta.com
    Okta API Token  API Token copied previously
    Description     An appropriate description

  7. Click Not Validated.
    Note: If your token can be successfully validated then the yellow Not Validated button will become a green Validated button.

  8. Click Okay.

Configure SAML for Administrative access

  1. In your browser, return to your Okta org as Administrator.

  2. Navigate to Directory > Groups.

  3. Click Add Group.

  4. In the Add Group dialog name the group and add a description, then click Add Group.

  5. Click the name of the newly added group.

  6. Click Manage People and add all users who should be able to administer Okta Access Gateway.

  7. When complete, click Save.

  8. Return to the previously open Okta Access Gateway browser window.

  9. Select the Application tab.

  10. On the row representing the previously added IdP, click Add.

  11. From the list of applications select Access Gateway AdminUI and click Create.

  12. In the Essentials section configure the following values and then click Next.

    Attribute      Value
    Label          OAG Admin Console
    Public Domain  gw-admin.<yourdomain>
    Groups         OAG Admin (group created previously)
    Description    An appropriate description

  13. Click Next. The Attributes tab is displayed.

  14. Click Next. The Policies tab is displayed.

  15. Click Done.

  16. Log out of the OAG Admin UI Console.

Final Steps

  1. Log in to your Okta org as a user in the previously created OAG Admin group.
  2. You should see that a notification has been added to the Okta Access Gateway Admin Console.
  3. Click the application tile and you will be logged in to the Okta Access Gateway as an administrator.