About Access Gateway applications

Access Gateway applications are the building blocks of application security. They define how Access Gateway provides access to underlying protected resources. Access Gateway has a large catalog of on-premises applications and uses application specific integration wizards to define application instances. The application integration is application type specific and may differ by application type. This means that some application types, for example Kerberos-based applications, may require custom settings before they can be integrated with Access Gateway.

The Access Gateway UI Console showing a set of protecter resources.

Applications are composed of the following:

  • Essential Settings- The essential or core requirements of all applications. These requirements usually include an application, public URL, protected Web resource, and often application type specific fields.
  • Advanced Settings - Additional settings that target specific features, such as session time-out, duration, content rewriting, certificate use, and more. These settings are usually optional.
  • Policies - An optional application element that defines mechanisms to control access to application features using attributes.
    For example, a group attribute might be used to define a policy that allows members of a given group to access a certain page. For example, members of the finance group might be able to access pages, such as payroll, which non-members can't.
  • Behaviors - An optional application element that controls application behavior based on conditions, such as HTTP return codes or errors.
    For example, an application might redirect to a specific page on sign out, to another on general errors, or other pages based on HTTP status codes.
  • Attributes - Attributes map the Okta tenant information to one or more elements of an application.
    For example, Okta tenant attributes can be mapped to Access Gateway header application attributes, cookie attribute ,or similar elements.