Administer local Identity Providers

You can use local Identity Providers (IdPs) in the absence of an Okta org IdP. This can be useful in certain situations, such as a network outage.

IdPs provide:

  • Identity federation between Access Gateway and Okta tenants/local identity providers.
  • Services such as:
    • Authorization and authentication support.
    • Application data for identification and policy decisions.

Add a local IdP

  1. Sign in to the Access Gateway Admin UI.
  2. Select the Settings tab.
  3. Select Identity Providers.
  4. Click + and select Local SAML IDP.
  5. Enter the following fields:

    Required. A unique name that identifies the IdP (for example, My Local IdP). This name is displayed in the list of IdPs.

    Required. A unique Access Gateway hosted domain (for example, idp.domain.tld). Must not match any others.

    Cookie Domain

    Required. A unique Access Gateway hosted domain name (for example, domain.tld). This must not match existing Access Gateway domain names.

    Default Auth Module

    Required. An existing Auth Module.

    Name Attribute

    Required. Obtain this attribute from the remote Active Directory (for example, email).

    Name Attribute Format

    Required. The name format used in the SAML assertion. Select a format from the dropdown list (for example, Email address).

  6. Click Okay.

After any addition or update, a validation check runs against the Identity Providers. Valid Identity Provider entries have a status of Valid.
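The field rules in step 5 (unique hostname, cookie domain distinct from existing Access Gateway domains, an existing Auth Module, a format from the dropdown) can be checked before an entry is typed into the Admin UI. The following Python is an added example, not Okta's code; the existing IdPs, auth modules and format list are constructed sample data, and it assumes from the examples idp.domain.tld / domain.tld that the hostname sits under the cookie domain.

```python
"""Pre-flight check for a new Local SAML IdP entry. Added example, not Okta's
code: mirrors the stated uniqueness rules and assumes (from idp.domain.tld /
domain.tld) that the IdP hostname is a subdomain of the cookie domain."""
import re

HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample state: IdPs already configured and the Auth Modules that exist.
EXISTING_IDPS = [
    {"name": "Corp IdP", "hostname": "sso.example.com", "cookie_domain": "example.com"},
]
AUTH_MODULES = {"Corporate AD", "LDAP Backup"}
NAME_ATTRIBUTE_FORMATS = {"Email address", "Unspecified", "Persistent"}  # assumed dropdown values


def validate_local_idp(idp, existing=EXISTING_IDPS, auth_modules=AUTH_MODULES):
    """Return a list of problems; an empty list means the entry should validate."""
    problems = []
    name = idp.get("name", "").strip()
    host = idp.get("hostname", "").strip().lower()
    cookie = idp.get("cookie_domain", "").strip().lower()

    if not name:
        problems.append("name is required")
    if not HOSTNAME_RE.match(host):
        problems.append(f"hostname {host!r} is not a valid DNS name")
    if not HOSTNAME_RE.match(cookie):
        problems.append(f"cookie domain {cookie!r} is not a valid DNS name")

    taken_names = {e["name"].strip().lower() for e in existing}
    taken_hosts = {e["hostname"].lower() for e in existing}
    taken_domains = taken_hosts | {e["cookie_domain"].lower() for e in existing}
    if name.lower() in taken_names:
        problems.append(f"name {name!r} is already used by another IdP")
    if host in taken_hosts:
        problems.append(f"hostname {host!r} matches an existing IdP hostname")
    if cookie in taken_domains:
        problems.append(f"cookie domain {cookie!r} matches an existing Access Gateway domain")
    # Assumption: the cookie domain is the parent domain of the IdP hostname.
    if host and cookie and not host.endswith("." + cookie):
        problems.append(f"hostname {host!r} is not under cookie domain {cookie!r}")

    if idp.get("default_auth_module") not in auth_modules:
        problems.append("default auth module does not name an existing Auth Module")
    if not idp.get("name_attribute"):
        problems.append("name attribute is required")
    if idp.get("name_attribute_format") not in NAME_ATTRIBUTE_FORMATS:
        problems.append("name attribute format must be one of the dropdown values")
    return problems
```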