Add an Access Gateway Admin UI console application
The purpose of this task is to step through the process of adding a second administrator app, assignable and accessible from your Okta org dashboard.
Using the administrator application, Okta org administrators can assign the app to any user, allowing those users to access the Access Gateway Admin UI console and administer Access Gateway.
Create group and assign users
You must either assign users or define groups representing the users who can access the Access Gateway Admin UI console.
To define an Access Gateway group within your Okta tenant:
- Sign in to your Okta tenant as an administrator.
- In the Admin Console, navigate to .
- Click Add Group.
- Enter a name for the group such as Access Gateway Admins.
- Add an optional description, such as Members of this group can administer Access Gateway.
- Click Add Group.
To add users to the newly added group:
- Click the name of the newly added group.
- Click Manage People.
- Using the Search by people field, find those users who should be able to administer Access Gateway.
- From the Not Members list click Add All.
- Click Save when complete.
Create the application in Access Gateway
- Sign in to the Access Gateway Admin UI console.
- Click the Applications tab.
- Click +Add.
- Select the Access Gateway AdminUI option from the side menu, and then click Create. The New Protected Application wizard starts and displays the Setting tab.
- In the Essentials pane enter:

| Field | Value |
| --- | --- |
| Label | The name of the application. For example: Access Gateway Admin UI |
| Public Domain | The external facing URL of the gateway. Typically similar to gw-admin.[domain.tld]. For example: gw-admin.myaccessgateway.com |
| Post Login URL | Leave unchanged. |
| Group | Enter the name of group created in the prior step. |

- See Certificate use for details about certificates.
- See Certificate management for a task flow for obtaining and assigning certificates.
- Expand the Certificates tab.
By default, when you create the app, the system generates a self-signed wildcard certificate and assigns it to the app.
- Optional. Click Generate self-signed certificate. A self-signed certificate is created and automatically assigned to the app.
- Optional. Select an existing certificate from the list. Use the Search field to narrow the set of certificates by common name. Use the page forward and backward arrows to navigate through the list.
- Click Next. The Attributes page appears.
The attribute set specified by the add application wizard is required by Access Gateway. Do not modify this list.
- Click Next. The Policy page appears.
- Click Done.
All apps, including the Access Gateway Admin UI console app, require a self-signed or signed certificate.
Include signed certificates wherever you terminate SSL. You can terminate SSL at Access Gateway or any other network component, like a load balancer.
If you terminate SSL at a load balancer, the Access Gateway Admin UI console app must also use a certificate that the load balancer trusts.
If you terminate SSL on the Access Gateway Admin UI console application, you must use a signed certificate, which must be on the Access Gateway node and be associated with the Access Gateway Admin UI console application.
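The following added example (not part of the original page or of Okta's tooling) checks a certificate before it is relied on where SSL terminates: it reports whether the certificate is self-issued, like the default generated wildcard certificate, and whether it covers the app's Public Domain. It assumes the `openssl` CLI is installed and the certificate is available as a PEM file; the function names and the sample certificate are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report whether a PEM certificate is self-issued and whether
# it covers the app's Public Domain. All names below are constructed.

# Echo "self-issued" when subject and issuer are the same name (the shape of
# a generated self-signed certificate), otherwise "ca-issued".
cert_issuance() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    if [ "$subj" = "$iss" ]; then echo "self-issued"; else echo "ca-issued"; fi
}

# Return 0 when the certificate matches the host name, wildcard rules included.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match certificate"
}

# Summarise a certificate against the Public Domain it will be served on.
audit_app_cert() {
    local cert="$1" host="$2" kind
    kind=$(cert_issuance "$cert") || { echo "unreadable certificate"; return 2; }
    if ! cert_covers_host "$cert" "$host"; then
        echo "FAIL: certificate does not cover $host"; return 1
    fi
    if [ "$kind" = "self-issued" ]; then
        echo "WARN: self-issued certificate on $host; use a signed one where SSL terminates"
    else
        echo "OK: CA-issued certificate covers $host"
    fi
}

# Constructed sample: a throwaway self-signed wildcard certificate, similar in
# shape to the default one described above.
make_sample_cert() {
    local dir; dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.myaccessgateway.com" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 2
    echo "$dir/cert.pem"
}

sample=$(make_sample_cert)
audit_app_cert "$sample" gw-admin.myaccessgateway.com
```

A wildcard such as `*.myaccessgateway.com` matches exactly one label, so it covers `gw-admin.myaccessgateway.com` but not the bare domain or a deeper subdomain.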
Test
- Sign in to your Okta tenant as a user in the Administer Access Gateway group.
- From the applications dashboard, find the Access Gateway Admin UI console app that you added and select it. The Access Gateway Admin UI console opens as the same user.