Okta Support access
Okta Support access allows Okta to access client Access Gateway appliances using a VPN.
This access is restricted to select members of Okta Support, Professional Services, and Engineering. It's disabled by default and must be explicitly enabled.
Okta Support access requires an Okta access API token during configuration, and the client firewalls must be configured to allow outgoing TCP traffic on port 443.
When connected to a client Access Gateway appliance, Okta Support staff can perform these operations:
- Admin: Okta Support staff can sign in and execute operations using the Access Gateway Admin UI console to perform normal administration activities.
- Command-line: Okta Support staff can use the Access Gateway Management console tool to connect to and execute commands to enhance, diagnose, or correct instance issues.
- File transfer: Okta Support staff can copy files to and from the Access Gateway appliance to upload and capture configuration, logs, and similar information.
There are two ways to manage Okta Support access:
When Access Gateway connects to the Okta Support VPN, a specific IP address is assigned to the VPN tunnel it's using. This IP address appears in the Access Gateway Admin UI console and the Access Gateway Management console.
Show the VPN tunnel IP address in the Access Gateway Admin UI console
- Sign in to the Access Gateway Admin UI console.
- Select Support.
- The IP address appears in the Tunnel IP field.
Show the VPN tunnel IP address in the Access Gateway Management console
- Sign in to the Management console.
- Press 1 - Manage network interfaces.
- Press s.
- Press Enter to display the running configuration details. The IP address appears beside the tun0 item.