Application integration overview

One of the most common activities performed by administrators is web application integration. Access Gateway applications represent the connection between an external resource and the internal application protected by Access Gateway.

Access Gateway is built and deployed to sit in front of a secure web application. When Access Gateway receives a request from a user, it may, depending on the application policy, let the user access the web app without requiring any authentication. Otherwise, it initially redirects the user to Okta for authentication (per the tenant-specific Okta authentication policy). After authentication, the Okta tenant sends a SAML assertion to Access Gateway. Additionally, Access Gateway performs its own authorization checks on the URL before allowing the user's request to be sent to the web application.

You can use the Access Gateway Admin UI to configure web application definitions. After you save an application definition in Access Gateway, an application tile is created in the associated Okta tenant. All settings for the Okta tenant application are created automatically without any further administrator action. Within Access Gateway, the application creation process first identifies the application to Access Gateway. Once the application is created, HTTP headers, Kerberos tokens, and other details, including authorization policies, are defined. For web applications with their own authentication, you must integrate the web application with Access Gateway to prevent the application from presenting its own login page to the user, which could result in double authentication. Access Gateway uses HTTP headers and Kerberos tokens as its primary mechanisms for web application integration.

Access Gateway supports adding various common and proprietary application types, such as applications based on header, cookie, Kerberos, Oracle, and so on.

Application definitions are broken up into three main areas:

  • Essentials - Common configuration, such as the front-end and protected resource URLs, as well as other common characteristics.
  • Advanced - Configuration for session duration, content rewriting, certificates, and more.
  • Behavior - Configuration to customize out-of-the-box behavior, such as what to do on error conditions, sign out, session expiration, and more.

See Integrate applications with Access Gateway for more information on adding applications.

See Access Gateway supported applications for a list of supported application types.