Introduction to Access Gateway
Okta Access Gateway enables you to use the user authentication and single sign-on capabilities of Okta to protect access to on-premises apps that don't support federation. It's a reverse proxy-based virtual application that integrates with legacy apps using HTTP headers and Kerberos tokens, and offers URL-based authentication. Since Access Gateway is behind the firewall, it lets external users access on-premises web-based apps without the need for traditional VPNs. When deployed, all browser traffic flows first to Access Gateway and then to the back-end protected app. This allows Access Gateway to monitor every request that a user makes, perform authorization, and add the appropriate headers and tokens to the request.
Access Gateway communicates only with web-based apps.
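The request flow described above (authorize, then add identity headers before forwarding) can be modeled in a few lines. This is an added sketch of the general header-based reverse-proxy pattern, not Okta's code; the header names, policy shape, session structure, and function names are all assumptions made for illustration.

```python
import ipaddress

# Hypothetical header names the back-end app reads; not taken from Okta's docs.
IDENTITY_HEADERS = ("x-remote-user", "x-remote-groups")

# Constructed policy for one protected app: required group and allowed client networks.
POLICY = {"required_group": "hr-app-users",
          "allowed_networks": ("203.0.113.0/24", "10.0.0.0/8")}


def authorize(session, client_ip, policy=POLICY):
    """Return True when the authenticated session satisfies the app policy."""
    if session is None:                      # no SSO session: not authenticated
        return False
    if policy["required_group"] not in session["groups"]:
        return False
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in policy["allowed_networks"])


def build_upstream_headers(client_headers, session, client_ip, policy=POLICY):
    """Model the proxy step: return headers for the back-end app, or None to deny."""
    if not authorize(session, client_ip, policy):
        return None
    # Discard identity headers received from the browser so the back-end app
    # only ever sees values set by the proxy after authentication.
    upstream = {k: v for k, v in client_headers.items()
                if k.lower() not in IDENTITY_HEADERS}
    upstream["x-remote-user"] = session["user"]
    upstream["x-remote-groups"] = ",".join(sorted(session["groups"]))
    return upstream


if __name__ == "__main__":
    # Constructed request that already carries an identity header from the client.
    request = {"Host": "hr.example.internal", "X-Remote-User": "admin"}
    session = {"user": "alice@example.com", "groups": {"hr-app-users", "staff"}}
    print(build_upstream_headers(request, session, "203.0.113.7"))
    print(build_upstream_headers(request, session, "198.51.100.9"))  # denied
```

The pattern only holds if the back-end app is reachable exclusively through the proxy; an app that also accepts direct connections cannot trust these headers.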
Access Gateway components
An Access Gateway deployment includes the following components:
- Okta org: Manage your apps, users, single sign-on, and multifactor authentication (MFA) in Okta. Then use Access Gateway to apply the user authentication features of Okta to your on-premises apps.
- Virtual appliance: Access Gateway is a virtual appliance. You can download it from the Admin Console in your Okta org. Go to and then deploy it in a virtual environment. You can deploy as many instances as you need to meet reliability and throughput requirements.
- Virtual environment: Access Gateway must be hosted in a virtual environment. See Okta Access Gateway Supported Technologies for a list of supported virtual environments.
- Protected apps: Access Gateway protects header-based, SAML, custom web, Kerberos, and other apps.
- Policies: Create granular policies to protect access to apps based on group membership, IP address location, and many other factors.
The following Access Gateway administration tools are available:
- Access Gateway Admin UI console:
  - Initially configure an instance of a virtual application
  - Administer Access Gateway and Okta organization integration
  - Define, administer, monitor, and manage protected applications
- Access Gateway Management console:
  - Configuring high availability
  - Managing underlying networking
  - Monitoring and logging
  - Enabling and disabling the support network