Introduction to Access Gateway

Okta Access Gateway enables you to protect access to on-premises apps that don't support federation with the user authentication and single sign-on capabilities of Okta. It's a reverse proxy-based virtual application that integrates with legacy apps using HTTP headers and Kerberos tokens, and offers URL-based authentication. Since Access Gateway is behind the firewall, it lets external users access on-premises web-based apps without the need for traditional VPNs. When deployed, all browser traffic flows first to Access Gateway and then to the back-end protected app. This allows Access Gateway to monitor every request that a user accesses, perform authorization, and add the appropriate headers and tokens to the request.

Access Gateway communicates only with web-based apps.

Access Gateway components

An Access Gateway deployment includes the following components:

  • Okta org: Manage your apps, users, single sign-on, and multifactor authentication (MFA) in Okta. Then use Access Gateway to apply the user authentication features of Okta to your on-premises apps.
  • Virtual appliance: Access Gateway is a virtual appliance. You can download it from the Admin Console in your Okta org. Go to SettingsDownloads and then deploy it in a virtual environment. You can deploy as many instances as you need to meet reliability and throughput requirements.
  • Virtual environment: Access Gateway must be hosted in a virtual environment. See Okta Access Gateway Supported Technologies for a list of supported virtual environments.
  • Protected apps: Access Gateway protects header-based, SAML, custom web, Kerberos, and other apps.
  • Policies: Create granular policies to protect access to apps based on group membership, IP address location, and many other factors.

Access Gateway administration tools

The following Access Gateway administration tools are available:

  • Access Gateway Admin UI console:
    • Initially configure an instance of a virtual application
    • Administer Access Gateway and Okta organization integration
    • Define, administer, monitor, and manage protected applications
  • Access Gateway Management console:
    • Configuring high availability
    • Managing underlying networking
    • Monitoring and logging
    • Enabling and disabling the support network