Configure SAML access to your Okta Tenant

You can use SAML to configure accessing Access Gateway from your Okta tenant as an admin. After its configured, you can quickly sign in to Access Gateway using a tile.

While not strictly required, it's a best practice to configure access to the Access Gateway Admin UI console from your Okta tenant. You can configure Access Gateway with an Okta tenant such that the Access Gateway Admin UI accepts a SAML token for Okta for authentication and create an application tile on the Okta Applications page for administrator use to access the Access Gateway admin UI.


Create a Token

  1. In your browser, navigate to your Okta Org and sign in as an administrator.

  2. In the Admin Console, go to Security >API.

  3. Select the Tokens tab.

  4. Click the Create Token.

  5. Enter an appropriate name for the token.  For example, OAG Admin Access Token. All access to the Okta Access Gateway is tracked using this token name.

  6. Select and copy the token value.

    Note

    Note:

    Token text is only available during token creation. You will not be able to retrieve the text of the token at a later time.

Add Okta as IDP

  1. In your browser, navigate to the Access Gateway Admin UI console as an admin.

  2. Click Settings.

  3. Select the Identity Providers tab.

  4. In the Identify Providers pane, click + and select Okta.

  5. Select the Identity Providers tab.

  6. Complete the Add New Okta IDP step by providing the following values:

    Attribute Value
    Name A descriptive name
    Okta Org Your Okta Org URL. For example, myorg.okta.com,
    Okta API Token API Token copied previously
    Description An appropriate description
  7. Click Not Validated. If the validation is successful, the Not Validated button changes to Validated.

  8. Click Okay.

Configure SAML for Administrative access

  1. In your browser, sign in to your Okta org as administrator.

  2. In the Admin Console, go to Directory >Groups.

  3. Click Add Group.

  4. In the Add Group dialog box, enter the name of the group and add a description.

    Click Add Group.

  5. Click the name of the newly added group.

  6. Click Manage People and add all users who should be able to administer Okta Access Gateway.

  7. Click Save.

  8. Return to the previously opened Okta Access Gateway browser window.

  9. Select the Application tab.

  10. On the row representing the previously added IDP, click Add.

  11. From the list of applications, select Access Gateway AdminUI.

  12. Click Create.
  13. In the Essentials section, configure the following values:

    Attribute Value
    Label OAG Admin Console
    Public Domain gw-admin.<yourdomain>
    Groups OAG Admin (group created previously)
    Description An appropriate description
  14. Click Next. The Attributes tab appears.

  15. Click Next. The Policies tab appears.

  16. Click Done.

  17. Sign out of the Access Gateway Admin UI console.

Final Steps

  1. Sign in to your Okta org as a user in the previously created OAG Admin group.
  2. You should see a notification has been added to the Okta Access Gateway Admin UI console.
  3. Click the application tile to sign in to the Okta Access Gateway as an administrator.