Manage application attributes

To manage application attributes:

  1. Go to the Access Gateway Admin UI console.
  2. From the Topology tab or the Applications tab, open the application.
  3. Select the Attributes pane.

    Selecting the Attributes tab allows you to add, delete, edit or test an application attribute.

    The list of known attributes for the application displays and is similar to the following:

  4. From the available set of attributes, select any one of the following options:
    Add an attribute
    Delete an existing attribute
    Modify an existing attributeModify attribute(pencil) icon.
    Test an attribute setModify attribute(pencil) icon.

Add an attribute

  1. Click Add () in the attribute list header.
    The new Attribute dialog box appears. You may need to scroll to the display as new attributes are added at the end of the page.
  2. From the Data Source drop-down box, select an appropriate data source.
    See Data Source Types for a list of supported data source types and their meaning.
  3. From the Field drop-down box, select a field name. This is the source of the content for the header element.
  4. From the Type drop-down box, select the appropriate target type, either Header or Cookie.
  5. In the Name field, enter the name for the header or cookie value expected by the legacy application.
    For example, to map the IDP field username to the header field login, you need to create an attribute resembling:
    Example mapping of idP field login to to header field username.
  6. Click Okay when the attribute is complete.

Delete an existing attribute

  1. Click Delete () associated with the attribute you want to delete.
  2. In the confirm dialog box, click Yes to delete the attribute or No to cancel the delete operation.

Modify an existing attribute

  1. Click Edit (Modify attribute(pencil) icon.) associated with the attribute you want to modify. The Edit existing attribute dialog box appears.
  2. Modify the attribute as required.
  3. Click Okay to save the modified attribute or Cancel to cancel the modification.

Test an attribute set

  1. Click Test (Modify attribute(pencil) icon.) in the attribute list header. The simulator dialog box appears.
  2. Enter a value for a field that you want to test.
  3. Click Test.
  4. Examine the result. You may need to scroll the simulator window at the end of the page to see the test results.
  5. Modify a value and run the test again, or click Close to close the simulator dialog box.

Attributes fields

Application attributes are composed of the following elements:

Field Description
Send Attribute

Controls whether an attribute is present or not present within a header or cookie.

Attributes used for policy decisions are typically set to Don't Send.

Data Source The source of origin for the contents of the attribute. It can be any of several sources including IDP, various contexts, Data Stores, and others.

Field and Record Number or Value

Either Field and Record Number, or Value.

For static and secret attributes, the Value field represents a fixed value for the attribute.

For non-static fields, Field field is used as the source for the attribute.

Record Number is only present with non-static fields and represents which of a multi-value variable will be selected. Record Value can be one of the following:

  • n: Where n represents the specific record number in the input. Default value is 0.
  • #: return the total number of records in the input.
  • @: Concatenate all values, using colons (:) as separator.

    For example ":value1:value2:value3:"

Maximum length: 128 characters.


Method for passing attributes. The type can be one of the following:

  • Header: Attribute is passed in a header.

  • Cookie: Attribute is passed in a cookie.


Associated field in either the header or cookie.

Maximum length: 128 characters.

Data source types

The Data Source field defines the source for the value of the attribute. The following data sources are available:

Data Source Description
IDP The value of the attribute is populated from the IDP field selected in the Value field. This is your Okta tenant.
Static The value of the attribute is fixed and defined in the Value field.
Secret The value of the attribute is a static protected value. It is used as a secret key by the application to trust the headers, which originate from Access Gateway.


The value of the attribute comes from the OID data source. The OID data source is available in the Oracle E-Business Suite and other application types that provide LDAP support. You can use it to retrieve the Oracle GUID.

Auth Context The value of the attribute comes from the authentication context, which includes the remote address and session ID.
App Context The value of the attribute comes from the application context and includes fields, such as domain, cookie domain, and so on.