Manage Access Gateway day to day
After initial deployment and integrating applications, administrators must perform normal day to day functions, such as monitoring, configuring logging, and similar tasks.
The following list includes common day to day administrative tasks:
Task(s) | Description |
Administer the Access Gateway support VPN |
The Support VPN is a mechanism used by select Okta support individuals to access an Access Gateway instance at the operating system level. See also About Access Gateway support VPN. |
Access Gateway configuration can be backed up(stored) and restored to local, non-appliance based disk. |
|
Access Gateway can be configured to use a proxy. |
|
Access Gateway supports log forwarding to systems such as Graylog. |
|
Access Gateway supports high availability by creating a cluster of Access Gateway nodes or instances. Note, you must have at least two Access Gateway instances available to create a cluster. These instances will become the Admin and worker instances. |
|
Access Gateway supports downloading system logs. |
|
Access Gateway can get ungraded to the latest version or to an intermediate version. |
|
Certificates are used in a variety of ways with Access Gateway. |
|
Access Gateway can use multiple network interfaces. Typically multiple network interfaces are used to segregate traffic. For example to seperate administration, from front end and back end traffic. |
|
Metrics monitoring |
Metrics based monitoring, sometimes referred to as Open Telemetry monitoring, allows an administrator to monitor Access Gateway using a tool such as Prometheus.io. See About Access Gateway monitoring for an overview of supported monitoring mechanisms. |
Trusted domains, sometimes referred to as trusted origins, define a set of top level domains that Access Gateway are allowed for redirects. |
|
Perform admin renomination |
Admin renomination is the process of introducing a new Access Gateway admin node running the newest Access Gateway software version. See also About admin renomination. |
Less system tasks
The following are less common system tasks
Task(s) | Description |
Authorization Modules, or Auth Modules, are used to establish a secondary source of authentication truth. This task lists the tasks involved with adding one or more additional authorization modules. ![]() The use of auth modules is very rare. Consider consulting with your Okta support representative before implementing auth modules. |
|
Local Identity Providers can be used in the absence of an Okta org IDP. For example, as a result of a network outage. |
|
The Simple Network Management Protocol (SNMP) can be used to monitor Access Gateway instances. |