Access Gateway applications

Okta Access Gateway applications represent the customer's protected web application assets. When defined within Access Gateway, Okta refers to these definitions as Access Gateway applications, or simply applications.

You can create application definitions using the Access Gateway Admin UI console. All application definitions are similar and require a common set of elements. See Application settings.

When working with Access Gateway applications, you need:

  1. Users: A set of users, typically, maintained within a directory service. They're often managed within your Okta tenant itself.
  2. Okta org: An Okta tenant.
  3. Access Gateway: A configured instance of Okta Access Gateway.
  4. Protected resources: One or more resources.

Access Gateway overview showing users(1), an Okta tenant(2), an instance of Access Gateway(3) and a set of protected resources(4).

Other potentially optional elements, such as:

  • Firewall: A firewall separating the environment hosting Access Gateway and protected resources.
  • Access Gateway High Availability cluster: A group of Access Gateway instances working together to provide a robust high performing environment.
  • Load balancer: A load balancer to distribute work load across an Access Gateway cluster.
  • Directory service: Some form of directory service as source for user information.

Restricted cookie field names

The following cookie field names are reserved as Access Gateway uses them for session handling, preventing their use by other applications:

  • AuthCookie
  • SessionCookie<characterstring>
  • spgwAMCookie
  • spgwAuthToken


To integrate applications see:

  • Generic applications : Integrate header, SAML pass through, Kerberos, portal, web socket, and similar applications.
  • Sample applications : Integrate and test with sample cookie, header, proxy, and policy applications.
  • Third-party applications: Integrate various third-party applications such as Oracle EBS, PeopleSoft, JD Edwards, and others.

Related topics