Overview

Securing Web Applications with Advanced Server Access

Advanced Server Access can be used to secure access to web applications, enabling centralized management and immediate enforcement of authorization policy.

Advanced Server Access Access Fabric

The Advanced Server Access Access Fabric is a geographically distributed web proxy which uses Advanced Server Access's authorization engine to enforce zero trust principles. When a user attempts to access a web application protected by the Access Fabric:

  1. The user's browser establishes a TLS session with a nearby Access Fabric node
  2. The Access Fabric will, if necessary, require the user to authenticate against their team's configured identity provider.
  3. The Access Fabric confirms with Advanced Server Access's authorization engine that the user, the clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. device and the user's authentication session comply with any policies applied to the application being accessed.
  4. The Access Fabric forwards the request to the underlying application, with an attestation signed by Advanced Server Access confirming the user's identity.

This process is transparent to usersIn Okta literature, we generally refer to "users" as the people who serve as Okta administrators. When we refer to "end users" we are generally referring to the people who the administrators serve. That is, those who use Okta chiclets to access their apps, but have no administrative control. and can typically be completed without adding perceptible latency.

Top