Not protected with session sequence flow

The not protected with session sequence describes the sequence of events which occur when a user attempts to access a non-protected web resource, in a known application, where an existing Access Gateway already session exists.

Sequence flow


Step Description
1 User signs into Okta.
2 Access Gateway checks for session, uses existing session.
3 Access Gateway checks if resource is protected.
4 Access Gateway forwards required to application.
Since session exists headers are provided on forward.
5 Application returns response to Access Gateway.
6 Access Gateway redirects response to User.

Related topics

Reference architectures

DNS use

High availability

About Access Gateway prerequisites