Reference architectures

Access Gateway enables you to configure deployments to handle specific datacenter use cases, such as scalability, performance, or fault tolerance. These configurations are called reference architectures. Several reference architectures are available to help you customize your environment for best performance.

Components of a reference architecture

Okta org

The Okta org provides authentication, authorization, directory, and other services to the Access Gateway instances.

Directory service If your organization doesn't use Okta for directory services, you can use LDAP, Active Directory, and similar directory services instead.
Database You can use databases to augment directory services and applications for authentication and authorization. See Application data stores for more information.

Access Gateway

Run several single instances of Access Gateway or configure several instances the same way to create a cluster. You can use a different reference architecture for each single instance or cluster to cover each use case.


Group applications that share certain characteristics and then deploy them through specific Access Gateway instances. Shared characteristics might be target audience, performance or security requirements, and others.

Proxy servers Proxy requests from behind firewalls for Access Gateway, administrators, and users.
Firewalls Firewalls provide monitoring, security, and other services for inbound and outbound traffic.
Load balancers Load balancers enable you to distribute the request load across multiple instances to maintain performance.

Common reference architectures

Workforce heterogeneous application reference architecture

CIAM application reference architecture

Oracle E-Business suite application reference architecture

Kerberos application reference architecture

Protected application reference architectures

Related topics

Access Gateway security best practices

Common Access Gateway flows

Access Gateway sequence flows