Administer local Identity Providers

Identity Providers (IdPs) are services that manage user accounts. Adding IdPs in Okta enables your end users to self-register with your applications by first authenticating with a social account or a smart card. IdPs provide identity federation between Access Gateway and Okta orgs and local identity providers. They also provide authorization and authentication support, and application data for identification and policy decisions.

You can use local Identity Providers (IdPs) in the absence of an Okta org IdP. This can be useful in certain situations, such as a network outage.

Add a local IdP

  1. Sign in to the Access Gateway Admin UI.
  2. Select the Settings tab.
  3. Select Identity Providers.
  4. Click + and select Local SAML IDP.
  5. Enter the following fields:




    Required. A unique name that identifies the IdP (for example, My Local IdP). This name is displayed in the list of IdPs.


    Required. A unique Access Gateway hosted domain (for example, idp.domain.tld). Must not match any others.

    Cookie Domain

    Required. A unique Access Gateway hosted domain name (for example, domain.tld). This must not match existing Access Gateway domain names.

    Default Auth Module

    Required. An existing Auth Module.

    Name Attribute

    Required. Obtain this attribute from the remote Active Directory (for example, email.).

    Name Attribute Format

    Required. The name format used in the SAML assertion. Select a format from the dropdown list (for example, Email address).

  6. Click Okay.

After any addition or update, a validation check runs against the Identity Providers. Valid Identity Provider entries have a status of Valid.