Post Access Gateway flow
Requests can be initiated to a service provider directly or using an Okta tenant.
Access Gateway flows go through a number of steps for each request after a flow is initiated. The following diagram and state transition description describe this flow.
State | Description | Error | Success |
---|---|---|---|
Initial | Starting state, where the request has yet to be made. | | |
Domain served | DNS entry points to Access Gateway but the domain is not served by Access Gateway. | Unknown host Status code:400 The requested host:'domain.tld' is not being served by this Access Gateway. | Continue |
Session does not exist | Session does not exist, perform defined application login behavior. | Failed authentication, Okta supplied page. | Continue |
Validate session integrity | Validate session according to session integrity behavior. | Error, as defined in behavior. Or one of: | Continue |
Create session | Access Gateway session is created. Attributes are populated and stored in the session cache. | N/A | Continue |
Evaluate deep linking | Advanced > Deep linking (Disabled). | N/A | Route to the specified post login URL. |
 | Advanced > Deep linking (Enabled). | N/A | Route to the provided URL. Normally http://domain.tld/somepath. |
Evaluate policy | Evaluate policy for selected URI | 403 (Access denied via policy) | 403 (Access denied via policy) |
Forward request | Rewrite request and forward to protected resource | Application dependent. | |
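
The ordering of the checks in the table matters when reading gateway errors: a host that is not served is rejected before any login happens, and policy is evaluated only after a session exists. The following sketch is an added example, not Okta code. It models the states in table order; the `Gateway` and `Request` fields, the prefix-based deny policy, and the choice to skip session creation and deep linking for an existing session are all assumptions made for illustration.

```python
# Simplified model of the flow table above (added example, not Okta code).
from dataclasses import dataclass, field

@dataclass
class Gateway:                      # constructed configuration
    served_hosts: set
    deny_prefixes: tuple            # hypothetical policy: denied URI prefixes
    deep_linking: bool              # Advanced > Deep linking
    post_login_url: str
    sessions: dict = field(default_factory=dict)   # session cache

@dataclass
class Request:
    host: str
    path: str
    session_id: str = None
    login_ok: bool = False          # result of the application login behavior
    integrity_ok: bool = True       # result of the session integrity behavior

def handle(gw, req):
    """Walk the states in table order; return (trace, outcome)."""
    trace = ["Initial", "Domain served"]
    if req.host not in gw.served_hosts:
        return trace, "400 Unknown host"
    is_new = req.session_id not in gw.sessions
    if is_new:
        trace.append("Session does not exist")
        if not req.login_ok:
            return trace, "Failed authentication"
    trace.append("Validate session integrity")
    if not req.integrity_ok:
        return trace, "Session integrity error"
    target = req.path
    if is_new:                      # assumption: only new sessions take these steps
        trace.append("Create session")
        req.session_id = f"sid-{len(gw.sessions) + 1}"
        gw.sessions[req.session_id] = {"host": req.host}
        trace.append("Evaluate deep linking")
        target = req.path if gw.deep_linking else gw.post_login_url
    trace.append("Evaluate policy")
    if target.startswith(gw.deny_prefixes):
        return trace, "403 Access denied via policy"
    trace.append("Forward request")
    return trace, f"forward {target}"
```

The returned trace shows which state produced the outcome, which is the first thing to establish when a request fails at the gateway.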