Setup Access Gateway using VMWare/ESXi
Overview
The purpose of this guide is to describe the process of installing the Access Gateway virtual appliance using VMware Player or vSphere ESXi.
For a complete list of all supported installation targets see Setup Access Gateway Using an OVA Image
What’s covered in this guide
See Okta Access Gateway Supported Technologies for a complete list of all supported technologies and versions.
Download the latest OVA image.
To download the latest Okta Access Gateway OVA Image
-
Download the Okta Access Gateway image from the Settings > Downloads page in Okta.
-
When prompted save the file to an appropriate location.

To Import an OVA to VMWare Workstation Player:
-
Open VMware Workstation Player.
-
Select Open a Virtual Machine.
-
Browse to the Okta-Access Gateway OVA file, and click Open.
-
Enter a name for the virtual machine, and click Import.
-
VMware will start importing the OVA file.
-
Once the VM has imported, click Play virtual machine to start the VM and open a terminal.

To Import to VMWare ESXi/vSphere:
Note: Older versions (before 6.5) of VMWare ESXi, vSphere and vSphere Client do not support SHA-256OVF Files.
To Convert from SHA256 to SHA1
$ ovftool --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ova /path/to/the/new/ova/file-SHA1.ova
-
Download and install VMware vSphere ClientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. from the ESXi/vSphere server.
-
Open VMware vSphere Client.
-
Enter the server name or IP address and credentials in the respective fields, and click Login.
-
In the vSphere Client window, select File > Deploy OVF Template.
-
In the Deploy OVF Template window, click Browse.
-
Select the Okta-Access Gateway OVA file, and click Open.
-
Click Next.
-
Review the template details provided, and click Next.
-
When prompted to accept the Access Gateway License agreement. Click Accept and then click Next.
-
Enter a name for the Access Gateway template, and click Next.
-
On the next page, select a storage location, and click Next.
-
Select the appropriate disk format option based on your requirements, and click Next.
-
Click Finish.
vSphere Client will begin the deployment process.
-
Click Close in the confirmation dialog box when the deployment is complete.
-
In the vSphere Client window, click Inventory.
-
Select the Virtual Machines tab to display the VMs that are currently deployed to the server.
-
Select the Access Gateway VM, and click Power On (symbolized by a green play icon) in the toolbar.
-
Right-click the VM, and click Open Console to log in to the VM.
Next Steps
After Okta Access Gateway has been installed there are a number of common post installation tasks that should be performed.
Including:
- Determine the IP Address of the Okta Access Gateway virtual application.
- Configure admin /etc/hosts entry
- Initialize the Command Line console
- Reset Passwords
- Initialize Access Gateway Admin UI Console
- Configure DNS
- Add Applications
For More Information
- See Okta Access Gateway Post Installation for a complete task list.
- See Access Gateway Command Line Management Console Reference for a complete list of management console commands.
- See Access Gateway Admin UI Console Overview for an overview of the Access Gateway UI console.

Configure Administration Access using SAML
-
Refer to Configure Administration Access using SAML for more details.
Add an Okta Org as Access Gateway idP
-
Refer to Configure your Okta tenant as an Identity Provider for more details.
Add a sample cookie app to Access Gateway
-
Refer to Add a Sample Cookie Application for more details.
Add a sample header app to Access Gateway
-
Refer to Add a Sample Header Application for more details.
Add a sample policy app to Access Gateway
-
Refer to Add a Sample Policy Application for more details.
Add a sample proxy app to Access Gateway
-
Refer to Add a Sample Proxy Application for more details.
Add a header based application to Access Gateway
-
Refer to Add a Generic Header Application for more details.
Monitor logs, restart services, and edit hosts file
-
To monitor the logs, restart services, or edit the hosts file on the appliance, refer to the Access Gateway Command Line Management Console Reference for more information.