Create Oracle AccessGate app

Sign in to the Access Gateway Admin UI console.
Click the Applications tab.
Click +Add.
Select the Oracle Access Gate option from the application menu. Click Create.

In the Essentials pane specify the following:

Field	Value
Label	A name for the app.
Public Domain	A fully qualified hostname in the format `yourexternalname.yourdomain.com`
Protected Web Resource	The URL of the internal, protected app. For example, `accessgate.yourdomain.com:port/path`, where port: The port Oracle AccessGate listens on for HTTP requests. path: The path to the application. See Configure load balancing.
Group	The group that contains the users who should be able to access the app.
Post Login URL	The Post Login URL. This field is enabled by default and contains the value: `yourexternalname.yourdomain.com/OA_HTML/AppsLogin`.
Description	Optional. A description for your app.

Click Next.

The Application pane provides a list settings particular to Oracle Access Gate. Confirm the following fields, modifying values as required, and click Validate.

Field	Value
OID Datasource	Enabled. See Administer Data Stores.
OID Host	The fully qualified hostname of the OID Host. The default value is: ebs-iam.internalhost.com
OID Port	The port used to connect to the OID host. The default is port 3060.
Bind User	The user used for OID access. The default value is: cn=oracleuser.
Bind User Password	The Bind User password.
Base	User search base. The default is: cn=Users,dc=domain,dc=com
User Search Attribute	The attribute to search OID with. The default attribute is:CN.
Matching Attribute	The Okta attribute used for matching. The default attribute to use is: USER_NAME General examples: `${ATTRIBUTE@idp]}` - single IDP `${ATTRIBUTE@idp[0]}` - multiple IDP Where `ATTRIBUTE` is an Okta tenant attribute, not an Access Gateway attribute. This is similar to matching filter in LDAP DataStores.

Click Next.

The Attributes page lists the attributes passed to the app as header fields. Confirm that the attributes match those required by the Oracle AccessGate app. Click Edit (

) to modify an attribute. Add or modify attributes as necessary. See Application Attributes.

Datasource	Value	NAME
idp	email	USER_NAME
oid	orclguid	USER_ORCLGUID

Click Next.
Click Done.

See Managing Application Policy for additional information on policies.

Configure load balancing

Note:

Only use Access Gateway as the load balancer. See Load balancing.

Expand the Protected Web Resource tab.
Enable Load Balancing By Access Gateway. A table of hostnames and weights representing the target load-balancing instances appears. This table is initially empty. Click the Edit icon to modify an entry in the table, or click the Delete icon to delete an entry.
Choose either HTTP or HTTPS as the URL scheme. Each protected web resource that you add inherits this scheme.
Optional. Enable and enter the Host Header value.
Complete the following steps to add a host. Repeat these steps as required:
1. Click Add protected web resource.
2. Enter a fully qualified hostname:port combination, like for example, https://backendserver1.atko.com:7001.
3. Enter a weight from 1 to 100. Enter 0 to specify that a host is disabled.
  Note:
  Weights represent the percentage of requests that are routed to this host. For example, two hosts of weights 2:1 result in requests being routed approximately 66% to the host weighted 2 and approximately 33% to the host weighted 1.
4. Click Okay.

Optional. Configure health checks. They use GET operations to confirm that back-end resources are functional. New requests aren't routed to resources that have been labeled unhealthy by the health checks.

Enable Load Balancer Health Check.
Click Edit to modify health check settings.

Modify the settings as required.

Field	Value	Default
Path	The URI path to the resource used in the health check.	/
Method	The HTTP method used in the health check.	Always GET
Status code	The HTTP status code used to determine health.	200
Interval	The interval between health checks in seconds.	10
Request timeout	The health check request timeout in seconds.	1
Healthy threshold	The number of requests that must succeed before a host is considered healthy.	3
Unhealthy threshold	The number of requests that must fail before a host is considered unhealthy.	3

Click Save.

Configure certificates

Note:

All apps, including the Access Gateway Admin UI console app, require a self-signed or signed certificate.

Include signed certificates wherever you terminate SSL. You can terminate SSL at Access Gateway or any other network component, like a load balancer.

If you terminate SSL at a load balancer, on the Access Gateway Admin UI console app, you also need to use a certificate that is trusted by the load balancer.

If you terminate SSL on the Access Gateway Admin UI console application, you must use a signed certificate, which must be on the Access Gateway node and be associated with the Access Gateway Admin UI console application.

See Certificate use for details about certificates.
See Certificate management for a task flow for obtaining and assigning certificates.

Expand the Certificates tab.
Note:
By default, when you create the app, the system generates a self-signed wildcard certificate and assigns it to the app.
Optional. Click Generate self-signed certificate. A self-signed certificate is created and automatically assigned to the app.
Optional. Select an existing certificate from the list. Use the Search field to narrow the set of certificates by common name. Use the page forward and backward arrows to navigate through the list.
Click Next. The Attributes pane appears. See Application attributes.

Note:
The required attributes are pre-populated, and are presented for reference.

Verify the login attribute:

Data Source	Field	Type	Name
IDP	login Note: The attribute in your Okta tenant that stores the PeopleSoft username. This can be a different attribute or can use Okta username mapping to create the PeopleSoft username dynamically.	Header	`PUBUSER`

Click Done.