Add a Websocket-based application

Define a header-based application and create a policy for WebSocket-based URIs.

HTTP and WebSocket are communication protocols used in client-server communication. HTTP is unidirectional, where the client sends a request and the server responds. WebSockets is bidirectional and provides full-duplex communication between the client and server.

Access Gateway supports WebSocket-based apps by adding policy directives to URIs associated with WebSocket endpoints.

Diagram of a typical Access Gateway header-based application architecture that shows a high availability cluster protecting an application with WebSocket-based URIs and using custom policy to convert HTTP request to WebSocket requests.

Before you begin

Have the following available:

  • Appropriate DNS entries for the protected WebSocket app for internal users and exposed URL for external users (for example, and
  • A list of required application header attributes and their expected content.
  • A list of the existing WebSocket-based URIs.

Typical workflow

The Access Gateway administrator performs these tasks to add a WebSocket app.



Create a containing group

Best practice. Create an Okta group to which to assign WebSocket app users.

Create header application

Create a header application to protect the WebSocket app.

Assign Certificate

Optional. Assign a certificate to the app.

Add additional attributes

Optional. Add attributes to the app.

Add required access policy

Add required policy for all WebSocket-serviced URIs.

Test the application

Test the application, ensuring coverage of all URIs.


Optional. Troubleshoot the integration.