Add a SAML pass-through app
SAML pass-through apps are a combination of apps in an Okta org, an Access Gateway SAML proxy app, and an associated configuration.
Architecture
The SAML pass-through architecture is composed of:
- Split DNS: Internal users access the SAML-aware app using the same DNS name as external users. However, the address provided is either the IP address of Access Gateway, for external users, or the IP address of the SAML-aware app, for internal users.
- Okta SAML app: An Okta-based application that's hidden from the user.
- Access Gateway and the Access Gateway application: Proxies SAML requests. The Access Gateway application is hidden from users.
- Okta bookmark application: Used to access the app by users in an Okta org.
For details, see SAML pass-through reference architecture.
Before you begin
- Requires a split DNS model, where:
- The DNS name for the backend server must be the same as the Access Gateway DNS name.
- The internal (non-internet) DNS must resolve to the actual SAML-aware application server.
- The external (internet-facing) DNS must resolve to the Access Gateway.
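The split DNS requirement above is easy to get subtly wrong, and the failure modes differ: if internal DNS points at Access Gateway, internal users loop through the proxy; if external DNS ever returns the application server's address, internet users bypass the gateway and the SAML proxy never sees the request. The following pre-flight check is an added example, not Okta's own code or tooling. It takes the answers an internal and an external resolver return for the shared hostname (collected however you like; the sample answers and addresses here are constructed, using documentation address ranges) and reports every violation of the three rules.

```python
"""Pre-flight check for the split DNS requirement of an Access Gateway
SAML pass-through app. Added example, not Okta's own code; all names and
sample addresses are assumptions.

Rule being checked: one hostname, two different answers. The internal
resolver must return the SAML-aware application server, and the external
resolver must return Access Gateway. Anything else either breaks the flow
(internal users loop through the proxy) or lets internet users bypass the
gateway and reach the backend directly."""

import ipaddress
from dataclasses import dataclass, field


@dataclass
class SplitDnsResult:
    ok: bool
    findings: list = field(default_factory=list)


def same_name(app_hostname: str, gateway_hostname: str) -> bool:
    """The backend's DNS name must equal the Access Gateway DNS name.
    DNS names are case-insensitive and may carry a trailing dot."""
    def norm(h):
        return h.strip().rstrip(".").lower()
    return norm(app_hostname) == norm(gateway_hostname)


def _parse(answers, label):
    """Turn a list of resolver answers into a set of IP address objects."""
    try:
        return {ipaddress.ip_address(a) for a in answers}
    except ValueError as exc:
        raise ValueError(f"{label}: {exc}") from exc


def check_split_dns(hostname, internal_answers, external_answers,
                    gateway_ip, app_ip) -> SplitDnsResult:
    """Compare resolver answers for `hostname` from inside and outside the
    network against the expected addresses. Reports every violation found,
    not just the first, so a misconfigured zone can be fixed in one pass."""
    gateway = ipaddress.ip_address(gateway_ip)
    app = ipaddress.ip_address(app_ip)
    internal = _parse(internal_answers, "internal answers")
    external = _parse(external_answers, "external answers")
    findings = []

    if gateway == app:
        findings.append("gateway_ip and app_ip are identical; no split is possible")

    # Internal (non-internet) DNS: must be the application server, nothing else.
    if app not in internal:
        findings.append(f"internal DNS for {hostname} does not resolve to the app server {app}")
    if gateway in internal:
        findings.append(f"internal DNS for {hostname} resolves to Access Gateway {gateway}: "
                        "internal traffic would loop through the proxy")
    for extra in sorted(internal - {app, gateway}, key=str):
        findings.append(f"internal DNS for {hostname} has unexpected address {extra}")

    # External (internet-facing) DNS: must be Access Gateway, nothing else.
    if gateway not in external:
        findings.append(f"external DNS for {hostname} does not resolve to Access Gateway {gateway}")
    if app in external:
        findings.append(f"external DNS for {hostname} exposes the app server {app}: "
                        "Access Gateway is bypassed and the SAML proxy never sees the request")
    for extra in sorted(external - {app, gateway}, key=str):
        findings.append(f"external DNS for {hostname} has unexpected address {extra}")

    return SplitDnsResult(ok=not findings, findings=findings)


# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_HOSTNAME = "app.example.com"
SAMPLE_GATEWAY_IP = "203.0.113.10"   # stands in for Access Gateway's public address
SAMPLE_APP_IP = "198.51.100.7"       # stands in for the SAML-aware app server
GOOD_INTERNAL = ["198.51.100.7"]
GOOD_EXTERNAL = ["203.0.113.10"]
BYPASS_EXTERNAL = ["203.0.113.10", "198.51.100.7"]  # backend leaked to the internet
LOOP_INTERNAL = ["203.0.113.10"]                    # internal users sent to the proxy


if __name__ == "__main__":
    cases = [("good", GOOD_INTERNAL, GOOD_EXTERNAL),
             ("bypass", GOOD_INTERNAL, BYPASS_EXTERNAL),
             ("loop", LOOP_INTERNAL, GOOD_EXTERNAL)]
    for label, internal, external in cases:
        result = check_split_dns(SAMPLE_HOSTNAME, internal, external,
                                 SAMPLE_GATEWAY_IP, SAMPLE_APP_IP)
        print(label, "OK" if result.ok else "FAIL")
        for finding in result.findings:
            print("  -", finding)
```

Run it after populating the zones and before assigning users: feed it the A records from an internal resolver and from a public resolver, and treat any finding on the external side as blocking, since that is the one that removes Access Gateway from the path.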
Typical workflow
Task | Description
---|---
Add an Okta org group | Create an Okta group to which to assign SAML app users. Fetch data provided by the application provider.
Add an Okta SAML application | Create a SAML app to represent the back-end app. Create a SAML proxy app.
Add an Okta bookmark application | Create a bookmark app that users can use to access the SAML app from their Okta org. Hide the apps that aren't used by the user.
Test the SAML pass-through application | Test the application.