Not protected no session sequence flow

The not protected resource, with no session sequence is common with Customer Identity Access Management (CIAM) applications. This sequence represents a request for a non-protected, or public, resource where no existing Access Gateway session exists.

Sequence flow


Step Description
1 User signs into Okta.
2 Access Gateway checks for session, no session exists.
3 Access Gateway checks if resource is protected.
4 Access Gateway forwards required to application.
Note that since there is no session no headers can be provided on forward.
5 Application returns response to Access Gateway.
6 Access Gateway redirects response to User.

Related topics

Reference architectures

DNS use

High availability

About Access Gateway prerequisites