Deploying Okta Access Gateway follows a well defined set of tasks, performed in a specific order.
This page is intended to provide an overview of the tasks required to deploy Access Gateway in one of the supported virtual environments. This page doesn't address sizing, capacity planning, and similar concerns. See Capacity planning and sizing for more information.
Common deployment tasks include:
|Select and download Access Gateway OVA||Based on the target deployment environment, select and download the correct OVA. Currently Access Gateway supports the following production environments. VMWare (ESXi and Workstation), Microsoft Azure, Amazon Web Service EC2, and Oracle Cloud Infrastructure(OCI) virtual environments.
Note: Oracle VirtualBox is only supported for test and development use.
|Deploy image into virtual environment.||The first step in deploying Access Gateway is to import the virtual appliance file into the target virtual environment. This task varies based on the selected environment. For development and testing VMWare and Oracle Virtual Box are the simplest deployment environments.
See Bootstrap Access Gateway for details of bootstrapping a simple Access Gateway development environment.
|Reset the instance||Once Access Gateway has been imported into the virtual environment it should be reset. Resetting the instance involves accessing the instance using the Access Gateway Management console and running a simple reset command. See Access Gateway Management console for a general introduction to the Access Gateway Management console.|
|Determine or manage Access Gateway IP address||Depending on environment requirements Access Gateway can use a specific or assigned IP address. This IP address is used to access the instance to defined IDP and other settings and is often entered into /etc/hosts or its equivalent. See Add admin host entries for details of the initial entries required for initializing an Access Gateway instance.|
|Initialize the Access Gateway Admin UI console||Once an Access Gateway is up and running it must be assigned a cookie domain. This domain represents the general domain that the gateway is protecting. For details see Initialize Access Gateway Admin UI console.|
|Associate Access Gateway with an Okta org||All Access Gateway instances use an Okta org to manage applications, end users, and the access of one from the other. For more information see Configure your Okta tenant as an Identity Provider.|
Once complete, a functioning instance of Access Gateway is ready for use.
For complete details and all steps for configuring a local Access Gateway development environment see Bootstrap Access Gateway.