Access Gateway applications are the building blocks of application security. They define how Access Gateway provides access to underlying protected resources.
Access Gateway has a large catalog of on-premises applications and uses application-specific integration wizards to define application instances. Each application integration is application type-specific. Some application types, such as Kerberos-based applications, require custom settings before they're integrated with Access Gateway.
Applications are composed of the following components:
- Essential Settings: The essential or core requirements of all applications. These requirements can include an application, public URL, protected Web resource, and application type-specific fields.
- Advanced Settings: Settings that target specific features (for example, session time-out, duration, and so on). These settings are usually optional.
- Policies: An optional element that uses attributes to define mechanisms to control access to application features. For example, a group attribute might be used to define a policy that allows members of a group to access a specific page. For example, members of the finance group are allowed to access the payroll page, while non-members are denied access.
- Behaviors: An optional application element that controls application behavior based on conditions, such as HTTP return codes or errors. For example, on sign out, an application might redirect to a specific page, while redirecting to different pages on general errors or HTTP status codes.
- Attributes: Attributes map Okta tenant information to some elements of an application. For example, Okta tenant attributes can be mapped to Access Gateway header application attributes, cookie attributes, and so on.