Add a client certificate application
The client certificate application prompts the browser on the user's device to present its client certificate. Access Gateway then validates the certificate against a root certificate and a revocation list.
Once the certificate is validated, the client browser is granted access to the requested web resource.
The client certificate application is deprecated and only included for legacy purposes. This content is for instructional purposes only.
Before you begin
Ensure that:
- You have administrator rights on your Okta tenant and can assign applications to users and create groups.
- Appropriate DNS entries exist for both the header application and the new externally exposed URL.
For example:

Value | Description |
---|---|
https://ext-cert.example.com | Legacy application URL. Referenced by the end user. |
https://int-cert.example.com | Protected Web resource URL. Referenced by Access Gateway. |
Typical workflow
Task | Description |
---|---|
Create a containing group | As a best practice, create an optional group to assign to the application. |
Create client cert application | Create a cert application fronting a protected web application. |
Add additional attributes | [Optional] Add additional attributes to the application. |
Add access policy | [Optional] Add access control policy. |
Test the application | Test the application. |
Related topics
Add application behaviors. See Application behaviors.
Add fine-grained policy to further protect resources. See Application policy for an overview of user policy and Manage access control application policy for examples.
Extend existing policy using custom configuration. See Advanced Access Gateway policy.