Access Gateway environment configurations
Access Gateway is designed to provide a secure environment for processing authentication requests. If you make certain changes to a computer that hosts an Access Gateway instance, you may experience data loss, service outages, reduced performance, and reduced security. Okta may not be able to provide support if these situations arise from your changes.
- Don't add other services to the computer that hosts Access Gateway.
- Don't install other software on the computer that hosts Access Gateway.
- Don't remove or modify any Access Gateway accounts.
- Don't modify the contents of the /opt/oag/config file unless Okta Support instructs you to do so.
- Don't extract or repurpose Access Gateway code in any way.
Supplement Access Gateway functionality
You can use third-party monitoring, intrusion detection, and anti-virus software on computers that host an Access Gateway instance. Access Gateway data is considered sensitive data and it must be safeguarded against unauthorized access, including system accounts. Ensure that the security privileges that you assign to these tools give access only to accounts that need Access Gateway data, and at an appropriate level.
Evaluate the impact that these tools have on Access Gateway performance and end users' experience. For example, adding stateful packet inspection to your Access Gateway workflow may cause reduced performance. Test any changes on a few users before implementing them across your entire environment.
Add new remote users
You can add your own remote user account. Use the useradd Linux command to add a remote user account and apply a strong password, or require the use of a certificate, for authentication into Access Gateway.
Don't change any Access Gateway internal accounts when you update the sshd configuration. Doing so may cause Access Gateway to stop functioning.
Questions and help
If you have any other questions about the impact that environment changes and datacenter tools may have on Access Gateway, contact Okta Support.