Add a generic header app

Architecture

Header Architecture

Flow

The user signs in to Okta.
Okta sends the user identity SAML to Access Gateway.
Access Gateway adds the required app attributes to the header and forwards the request to the back-end app.
The app performs the request and returns the results to Access Gateway.
Access Gateway performs rewrites and returns the request to the user.

See Header reference architecture.

Before you begin

Verify that you have administrator rights on your Okta org and can assign apps to users and create groups.
Ensure that appropriate DNS entries for both the header app and the external exposed new URL exist, as in these examples:
Value Description
https://ext-header.example.com The legacy app URL that the user accesses.
https://int-header.example.com The protected web resource URL that Access Gateway accesses.

Typical workflow

Task	Description
Create a containing group	Create an optional group to be assigned to the app.
Create a header app	Create a header app that defaults to the shared common back end.
Assign a certificate	Optional. Assign a certificate to the app.
Add more attributes	Optional. Add more attributes to the app.
Add an access policy	Optional. Add an access control policy.
Test the app	Test the app.
Troubleshoot	Troubleshoot the integration.

Related topics

Manage app policies for access control

© 2025 Okta, Inc. All Rights Reserved. Various trademarks held by their respective owners.

Feedback