Add an Access Gateway Admin UI console application

The purpose of this task is to step through the process of adding a second administrator app, assignable and accessible from your Okta org dashboard.
Using the administrator application Okta org administrators can assign the app to any user, allowing those users to access the Access Gateway Admin UI console and administer Access Gateway.

Create group and assign users

You must either assign users or define groups representing the users who can access the Access Gateway Admin UI console.

To define an Access Gatewaygroup within your Okta tenant:

  1. Sign in to your Okta tenant as an administrator.
  2. In the Admin Console, navigate to DirectoryGroups.
  3. Click Add Group.
  4. Enter a name for the group such as Access Gateway Admins.
  5. Add an option description, such as Members of this group can administer Access Gateway.
  6. Click Add Group.

To add users to the newly added groups:

  1. Click the name of the newly added group.
  2. Click Manage People.
  3. Using the Search by people field, find those users who should be able to administer Access Gateway.
  4. From the Not Members list click Add All.
  5. Click Save when complete.

Create the application in Access Gateway

  1. Sign in to the Access Gateway Admin UI console.
  2. Click the Applications tab.
  3. Click +Add.
  4. Select the Access Gateway AdminUI option from the side menu, and then click Create. The New Protected Application wizard starts and displays the Setting tab.

  5. In the Essentials pane enter:
    FieldValue
    LabelThe name of the application,
    For example: Access Gateway Admin UI
    Public DomainThe external facing URL of the gateway. Typically similar to gw-admin.[domain.tld].
    For example: gw-admin.myaccessgateway.com
    Post Login URL

    Leave unchanged.

    GroupEnter the name of group created in the prior step.
  6. All apps, including the Access Gateway Admin UI console app, require a self-signed or signed certificate.

    Include signed certificates wherever you terminate SSL. You can terminate SSL at Access Gateway or any other network component, like a load balancer.

    If you terminate SSL at a load balancer, on the Access Gateway Admin UI console app, you also need to use a certificate that is trusted by the load balancer.

    If you terminate SSL on the Access Gateway Admin UI console application, you must use a signed certificate, which must be on the Access Gateway node and be associated with the Access Gateway Admin UI console application.

  7. Expand the Certificates tab.

    By default, when you create the app, the system generates a self-signed wildcard certificate and assigns it to the app.

  8. Optional. Click Generate self-signed certificate. A self-signed certificate is created and automatically assigned to the app.
  9. Optional. Select an existing certificate from the list. Use the Search field to narrow the set of certificates by common name. Use the page forward and backward arrows to navigate through the list.
  10. Click Next. The Attributes page appears.

    The attribute set specified by the add application wizard is required by Access Gateway. Do not modify this list.

  11. Click Next. The Policy page will appears.
  12. Click Done.

Test

  1. Sign in to your Okta tenant as a user in the Administer Access Gateway group.
  2. From the applications dashboard, find the Access Gateway Admin UI console app that you added and select it. The Access Gateway Admin UI console opens as the same user.

    In the applications list, click the name of the newly added Access Gateway admin app.