Manage Access Gateway day to day

After initial deployment and application integration, administrators must perform routine day-to-day functions, such as monitoring, configuring logging, and similar tasks.
The following list includes common day-to-day administrative tasks:

Task(s) Description
Administer the Access Gateway support VPN

The Support VPN is a mechanism used by select Okta support individuals to access an Access Gateway instance at the operating system level.

See also About Access Gateway support VPN.

Backup and restore

Access Gateway configuration can be backed up (stored) and restored to local, non-appliance based disk.
This task describes the process of backing up and restoring Access Gateway configuration.
See also About backup and restore.

Configure Access Gateway proxy server

Access Gateway can be configured to use a proxy.
This task describes the process of using the Access Gateway Management console to define a proxy.
Note: After proxy configuration, Access Gateway instances require a reboot. Plan accordingly.

Configure log forwarders

Access Gateway supports log forwarding to systems such as Graylog.
This task describes the process of configuring log forwarders.
See also Administer logging.

Configure High Availability

Access Gateway supports high availability by creating a cluster of Access Gateway nodes or instances.
This task describes the process of creating an Access Gateway cluster.

Note: You must have at least two Access Gateway instances available to create a cluster. These instances will become the Admin and worker instances.
See also High availability concepts and Configure and manage high availability.

Download logs

Access Gateway supports downloading system logs.
This task describes the process of downloading and expanding logs locally.
See also About Access Gateway logs.

Upgrade latest workflow

Selective upgrade workflow

Access Gateway can be upgraded to the latest version or to an intermediate version.
These tasks describe the process of selective (intermediate version) and traditional (latest version) upgrade.
See also Upgrade Access Gateway.

Manage SSL/TLS termination

Certificates are used in a variety of ways with Access Gateway.
This task describes how TLS termination can be configured with Access Gateway.
See also About application certificate use and Manage certificates and certificate chains.

Manage network interfaces

Access Gateway can use multiple network interfaces. Typically, multiple network interfaces are used to segregate traffic, for example, to separate administration traffic from front-end and back-end traffic.
This task describes the process of creating second and subsequent interfaces and managing routing for those interfaces. Additionally, this task describes the process of NIC bonding.
See also About network interfaces.

Metrics monitoring

Metrics based monitoring, sometimes referred to as Open Telemetry monitoring, allows an administrator to monitor Access Gateway using a tool such as See About Access Gateway monitoring for an overview of supported monitoring mechanisms.

Manage trusted domains

Trusted domains, sometimes referred to as trusted origins, define a set of top-level domains that Access Gateway allows for redirects.
This task describes the processes of enabling, disabling, and viewing known trusted domains.
See also About trusted domains.

Perform admin renomination

Admin renomination is the process of introducing a new Access Gateway admin node running the newest Access Gateway software version.

See also About admin renomination.

Less common system tasks

The following are less common system tasks:

Task(s) Description

Administer Auth Modules

Authorization Modules, or Auth Modules, are used to establish a secondary source of authentication truth.
They are used when, for some reason, Access Gateway cannot reach your Okta tenant.

This task lists the tasks involved with adding one or more additional authorization modules.

The use of auth modules is very rare. Consider consulting with your Okta support representative before implementing auth modules.

See also About Auth Modules.

Administer local Identity Providers

Local Identity Providers can be used in the absence of an Okta org IDP, for example, as a result of a network outage.
This task describes the process of adding an additional identity provider which can be used to provide application access in situations where Okta is unavailable.

Administer SNMP monitoring

The Simple Network Management Protocol (SNMP) can be used to monitor Access Gateway instances.
This task describes available MIB content and the process of enabling and disabling SNMP support.