Deploy Access Gateway
Deployment is the process of downloading and installing the Access Gateway Virtual application. Access Gateway is usually deployed using an architecture similar to that shown in the following diagram. However, the use of high availability is not required. Access Gateway instances must be hosted in a virtual environment.
- Review this topic: Access Gateway deployment prerequisites.
- Verify that Access Gateway is resolvable using DNS and is required to have a hostname assigned in DNS.
- Verify that Access Gateway can use a static IP Address. Access Gateway doesn't support using DHCP for its static IP address.
- Verify that a DNS Server and DNS Hostname (fully qualified domain name) are available to Access Gateway. Access Gateway must be resolvable using a DNS solution that end users
leverage. If end users originate from the internet, the Access Gateway solution must be publicly resolvable. Okta recommends that you use split DNS so that internal users connect to an internal IP
address and external users connect to a public IP address.
The fully qualified domain names for all applications integrated with the Access Gateway must be resolvable in DNS.
Access Gateway can be deployed to any of the environments described in the Supported deployment environments list. The following sections demonstrate how to deploy Access Gateway to VMware vSphere.
- Sign in to your Okta Org as an admin.
- Download the Okta Access Gateway image from the page.
- When prompted save the OVA file to an appropriate location.
Deploy the OVA file to VMWare vSphere/ESXi
See Deploy the Access Gateway OVA file to VMware vSphere and ESXi for instructions.
Perform required post-deployment configuration tasks
|Set Access Gateway instance hostname||Set a hostname for Access Gateway.|
|Optional. Set Access Gateway instance IP address||Configure a fixed IP address for Access Gateway.|
|Optional. Set Access Gateway DNS Servers||Configure Access Gateway to use a split DNS process where multiple DNS servers are used.|
|Optional. Set an Access Gateway proxy server||Configure Access Gateway to use with a proxy server.|
|Determine Access Gateway IP address||
Determine Access Gateway IP address for non-AWS instances.
Configure required admin entry in local hosts file.
Configure required DNS entries.
|Initialize the Access Gateway Admin UI console||Initialize the cookie domain and instance hostname.|
|Configure an Identity Provider in Access Gateway||Configure Okta tenant as an identify provider.|
|Reset Access Gateway and verify configuration||Initialize Access Gateway after first boot.|
|Configure SAML access to from your Okta tenant||Configure Okta tenant to allow access to Access Gateway using SAML.|
|Review security best practices||Examine and execute a set of common Access Gateway security best practices.|
Ensure that you appropriately name your Access Gateway nodes when you create them for use in a high availability cluster. These names must be resolvable between Access Gateway instances before you configure high availability.
VMware Workstation Player: VMware Workstation deployment
VMware vSphere/ESXi: VMware vSphere/ESXi deployment
Oracle VirtualBox: Oracle VirtualBox deployment tasks
Oracle VirtualBox is only supported for test and development use. Okta doesn't support Oracle VirtualBox for production deployments.
Amazon Web Services: Amazon Web Services deployment tasks
Oracle Cloud Infrastructure: Oracle Cloud Infrastructure deployment tasks
Microsoft Azure: Microsoft Azure deployment tasks