Okta Support access

Okta Support access allows Okta to access client Access Gateway appliances using a VPN. This is disabled by default.

This access is restricted to select members of Okta Support, Professional Services, and Engineering. It requires an Okta access API token during configuration, and the client firewalls to allow outgoing TCP traffic on port 443.

Access Gateway support access architecture.


When connected to a client Access Gateway appliance, Okta Support staff can perform three types of operations:

  • Admin: Okta support staff can sign in and execute operations using the Access Gateway Admin UI console to perform normal administration activities.
  • Command-line: Okta support staff can use the Access Gateway Management console tool to connect to and execute commands to enhance, diagnose, or correct instance issues.
  • File transfer: Okta support staff can copy files to and from the Access Gateway appliance to upload and capture configuration, logs, and similar information.

Manage Okta Support access

There are two ways to manage Okta Support access:

Tunnel IP address

When Access Gateway connects to the support VPN, a specific IP address is assigned. To determine the current IP address:

  1. Sign in to the Access Gateway Admin UI console.
  2. Select Support.
  3. Examine the page to determine the assigned Tunnel IP address.

Related topics

Command Line Management Console reference

Access Gateway deployment prerequisites

Manage Okta Support access to Access Gateway