Set an Access Gateway proxy server

This procedure describes how to set a proxy for Access Gateway.

Worker nodes retrieve information from the admin node over HTTPS. The following traffic is routed through the proxy:

  • Communication to the Identity Provider.
  • Communication with the YUM repositories.
  • Access to your Okta org URL (<your-org>-admin.okta.com). Verify that this URL is excluded from SSL decryption.

Setting or unsetting a proxy requires a system restart. Set aside sufficient restart downtime.

Access Gateway doesn't support SSL decryption.

Before you begin

Configure nodes, workers, and admin nodes in the following ways before setting a proxy for Access Gateway:

  • All nodes must be in the proxy bypass when you sync nodes.
  • The worker node requires that the admin node is in the proxy bypass. Set a bypass proxy for the ha-admin.service.oag host. This is an internal host that Access Gateway uses for high-availability deployment.
  • The admin node requires that the worker nodes are in the proxy bypass.

Set the proxy for Access Gateway

  1. Sign in to the Access Gateway Management console.

    Use ssh oag-mgmt@admin. With virtual environments, like Oracle VirtualBox, use the command window provided by the environment.

    Username: oag-mgmt Password: <default-password>

    Change the default password the first time you sign in to Access Gateway Management console. See Sign in for the first time: Access Gateway Management console.

  2. Enter 1 - Network.
  3. Enter 5 - Proxy settings. See Proxy settings for a complete list of all proxy-related commands.
  4. Choose either 1 - Set proxy or 2 - Unset proxy. Enter Ctrl + c at any time to cancel.
    1. If you're setting a proxy, configure these options:
      • Enter proxy host: Enter the proxy host name or the IP address of the proxy.
      • Enter proxy port: Enter the port number where the proxy listens.
      • Enter hosts that need to bypass proxy: Enter a comma-separated list of hosts that bypass the proxy.
      • Enter y to confirm or N to cancel.
    2. If you're unsetting a proxy, enter y to unset a proxy, or N to cancel.
  5. Enter x to return to the Proxy settings menu.
  6. Enter x to return to the Network menu.
  7. Enter x to return to the main menu.
  8. Enter 5 - System.
  9. Enter 5 - Reboot.
  10. Enter y to confirm reboot.

Repeat these steps on all high-availability cluster members.