Service provider initiated Access Gateway flow

Requests can be initiated to a service provider or using an Okta tenant. This diagram represent an Service provider initiated flow.

Flow through Access Gateway initiated by IDP



User requests application access.

2 Access Gateway intercepts request and
redirects to Okta for SAML assertion.
3 User (browser) sends SAML AuthN Request to Okta,
logs into Okta following Okta policies.
4 On success, Okta Generates a SAML assertion for Access Gateway.
5 User (browser) presents SAML assertion to Access Gateway.


Access Gateway forwards request to protected web resource.


Protected web resource receives request, and returns response to Access Gateway


Access Gateway performs any required rewrites and returns response.

Related topics

Reference architectures

DNS use

High availability

About Access Gateway prerequisites