About Okta as IdP
After deploying Access Gateway, one of the first tasks is to configure an Okta org as an identify provider. After it is configured, Access Gateway interacts with the configured Okta org to provide a variety of services with the most common one being authentication.
Access Gateway authenticates with an Okta org in one of two ways:
Okta org initiated flow
In an Okta initiated flow, the user accesses an Okta tenant, signs in using a browser or hand held device(1). Okta authenticates(2) the user and directs them to their set of defined applications. When the user selects an app tile representing an application managed by Access Gateway, the Okta org provides credential information, usually in the form of a SAML assertion to Access Gateway, which then directs the request to the client application(4).
Direct to Access Gateway initiated flow
In the Direct to Access Gateway initiated flow, a user accesses an application proxied by Access Gateway directly (1). Access Gateway then asks Okta for authentication (2). The Okta org then authenticates(3) and returns the appropriate assertion(4) to Access Gateway. Access Gateway then forwards the request to the underlying protected application resource(5).