Add a client certificate application

The client certificate application prompts the browser on the user's device to present its client certificate. Access Gateway then validates the certificate against a root certificate and a revocation list.
Once the certificate is validated, the client browser is granted access to the requested web resource.

The client certificate application is deprecated and only included for legacy purposes. This content is for instructional purposes only.
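
The two checks described above (the certificate chains to the root certificate, and it is not on the revocation list) can be reproduced offline with the openssl CLI. This is an added example, not Okta's code and not a description of how Access Gateway implements the check. The throwaway CA, the names alice, bob and mallory, and the function names are constructed for illustration.

```shell
# Constructed demo PKI: throwaway root CA, one good client certificate (alice),
# one revoked (bob), one self-signed outsider (mallory). All names are made up.
set -eu
q()  { "$@" >/dev/null 2>&1; }  # run quietly; a failure still aborts the script
mk() { q openssl req -newkey rsa:2048 -nodes -config ca.cnf "$@"; }

build_demo_pki() (              # $1 = empty working directory
  cd "$1"; mkdir newcerts; : > index.txt; echo 01 > serial
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = root.pem
private_key = root.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[ any ]
commonName = supplied
EOF
  mk -x509 -days 30 -subj "/CN=Demo Root CA" -keyout root.key -out root.pem
  for u in alice bob; do
    mk -subj "/CN=$u" -keyout "$u.key" -out "$u.csr"
    q openssl ca -batch -notext -config ca.cnf -in "$u.csr" -out "$u.pem"
  done
  mk -x509 -days 30 -subj "/CN=mallory" -keyout mallory.key -out mallory.pem
  q openssl ca -config ca.cnf -revoke bob.pem       # bob lands on the CRL
  q openssl ca -config ca.cnf -gencrl -out crl.pem
)
# Both checks named in the text: chain to the root, then the revocation list.
check_client_cert() {           # $1 = root cert, $2 = CRL, $3 = client cert
  openssl verify -CAfile "$1" -crl_check -CRLfile "$2" "$3" 2>&1
}
work=$(mktemp -d); build_demo_pki "$work"
for u in alice bob mallory; do
  if check_client_cert "$work/root.pem" "$work/crl.pem" "$work/$u.pem"
  then echo "=> $u accepted"; else echo "=> $u rejected"; fi
done
```

Running the same `openssl verify` line against the real root certificate and revocation list, before they are configured for the application, shows whether a given client certificate is expected to pass.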

Before you begin

Ensure that:

  • You have administrator rights on your Okta tenant and can assign applications to users and create groups.
  • Appropriate DNS entries for both the header application and the externally exposed new URL exist.
    For example:

    Value                          Description
    https://ext-cert.example.com   Legacy application URL. Referenced by the end user.
    https://int-cert.example.com   Protected web resource URL. Referenced by Access Gateway.

Typical workflow

Task                              Description
Create a containing group         As a best practice, create an optional group to be assigned to the application.
Create client cert application    Create a cert application fronting a protected web application.
Add additional attributes         [Optional] Add additional attributes to the application.
Add access policy                 [Optional] Add access control policy.
Test the application              Test the application.

Related topics

Add application behaviors. See Application behaviors.

Add fine-grained policy to further protect resources. See Application policy for an overview of user policy and Manage access control application policy for examples.

Extend existing policy using custom configuration. See Advanced Access Gateway policy.