Manage Access Gateway day to day

The Support VPN is a mechanism used by select Okta support individuals to access an Access Gateway instance at the operating system level.

See also About Access Gateway support VPN.

Access Gateway configuration can be backed up(stored) and restored to local, non-appliance based disk.
This task describes the process of backing up and restoring Access Gateway configuration.
See also About backup and restore.

Access Gateway can be configured to use a proxy.
This task describes the process of using the Access Gateway Management console to define a proxy.
Note, after proxy configuration Access Gateway instances require a reboot. Plan accordingly.

Access Gateway supports log forwarding to systems such as Graylog.
This task describes the process of configuring log forwarders.
See also Administer logging.

Access Gateway supports high availability by creating a cluster of Access Gateway nodes or instances.
This task describes the process of creating an Access Gateway cluster.

Note, you must have at least two Access Gateway instances available to create a cluster. These instances will become the Admin and worker instances.
See alsoHigh availability concepts and Configure and manage high availability.

Access Gateway supports downloading system logs.
This task describes the process of downloading and expanding logs locally.
See also About Access Gateway logs

Access Gateway can get ungraded to the latest version or to an intermediate version.
These tasks describe the process of selective (intermediate version) and traditional (latest version) upgrade.
See alsoUpgrade Access Gateway .

Certificates are used in a variety of ways with Access Gateway.
This task describes how TLS termination can be configured with Access Gateway.
See also About application certificate use and Manage certificates and certificate chains.

Access Gateway can use multiple network interfaces. Typically multiple network interfaces are used to segregate traffic. For example to seperate administration, from front end and back end traffic.
This task describes the process of creating second and subsequent interfaces and managing routing for those interfaces. Additionally this task describes the process of NIC bonding.
See also About network interfaces.

Metrics based monitoring, sometimes referred to as Open Telemetry monitoring, allows an administrator to monitor Access Gateway using a tool such as Prometheus.io. See About Access Gateway monitoring for an overview of supported monitoring mechanisms.

Trusted domains, sometimes referred to as trusted origins, define a set of top level domains that Access Gateway are allowed for redirects.
This task describes the processes of enabling, disabling and viewing known trusted domains.
See alsoAbout trusted domains.

Authorization Modules, or Auth Modules, are used to establish a secondary source of authentication truth.
They are used when, for some reason, Access Gateway cannot reach your Okta tenant.

This task lists the tasks involved with adding one or more additional authorization modules.

The use of auth modules is very rare. Consider consulting with your Okta support representative before implementing auth modules.

Local Identity Providers can be used in the absence of an Okta org IDP. For example, as a result of a network outage.
This task describes the process of adding an additional identity provider which can be used to provide application access in situations where Okta is unavailable.