Skip to main contentSkip to docs navigation
Docs
  • English (United States)
  • 日本語 (日本)
  • Français (France)
    • Identity Engine
    • Classic Engine
    • Access Gateway
    • Advanced Server Access
    • Aerial
    • Identity Security Posture Management
    • Workflows
    • Identity Engine
    • Classic Engine
    • Access Gateway
    • Advanced Server Access
    • Aerial
    • Identity Security Posture Management
    • Workflows
  • Okta Developer
    • Auth0 Docs
    • Auth0 FGA Docs
  • Training
  • Support
    • English (United States)
    • 日本語 (日本)
    • Français (France)

Feedback
OAG publication
  • Okta Access Gateway
  • Release notes
  • Get started with Okta Access Gateway Access Gateway
    • Introduction to Access Gateway
    • Access Gateway environment configurations
    • Console interfaces
      • Access Gateway Management console
      • Access Gateway Admin UI console
      • Default Access Gateway credentials
    • DNS use
    • Access Gateway deployment tasks
    • High availability
    • Load balancing
      • Health checks for load balancing
        • Load balancing protected web resource health check lifecycle
    • Monitoring
    • Selective upgrade
    • Okta Support access
    • Access Gateway and sessions
    • Okta as IdP
    • Enable or disable the Access Gateway API
    • Deployment and configuration workflow
    • Application integration overview
    • Deploy Access Gateway for development environments
      • Install Oracle VirtualBox
      • Reset Access Gateway and verify its configuration
      • Add admin host entries
      • Add an Access Gateway Admin UI console application
    • Bootstrap Access Gateway with Amazon Web Services
      • Download the latest Amazon Web Services image
      • Upload an OVA to an AWS S3 bucket
      • Create and associate AWS roles
      • Import an OVA to AWS
      • Launch as AWS instance
      • Obtain AWS Elastic IP address
      • Amazon Web Services post-deployment tasks
    • Okta Access Gateway one-day admin
      • Deploy Access Gateway
      • Configure SAML access to your Okta Tenant
      • Protect Applications
      • Configure High Availability
    • Example architecture
    • Integrate applications
      • Integrate applications
      • Integrate Data Stores
      • Add Custom Policy
      • Add custom behaviors
    • Security best practices
  • Manage Access Gateway deployment
    • Components
      • Network interfaces
    • Access Gateway deployment
      • Capacity planning and Access Gateway
      • Access Gateway deployment prerequisites
      • Supported technologies
    • Amazon Web Services deployment tasks
      • Download the latest Access Gateway image
      • Install and configure the Amazon Web Services command-line interface
      • Determine the Amazon Web Services storage region
      • Create an Amazon Web Services S3 bucket
      • Upload an OVA to an AWS S3 bucket
      • Create and associate AWS roles
      • Import an OVA to AWS
      • Launch AWS instance
      • Obtain AWS Elastic IP address
      • Amazon Web Services post-deployment tasks
      • Amazon Web Services high availability and load balancer tasks
        • Configure Amazon Web Services load balancers
        • Improve AWS load balancer health monitoring
    • Enable FIPS mode
    • Oracle Cloud Infrastructure deployment tasks
      • Install OCI-CLI
      • Download the latest image
      • Create a compartment
      • Create storage bucket
      • Upload an OVA to an OCI storage bucket
      • Import an OVA to OCI
      • Create Instance in OCI
      • Launch and configure an instance in OCI
      • Oracle Cloud Infrastructure post-deployment tasks
      • Oracle Cloud Infrastructure high availability and load balancer tasks
        • Configure OCI load balancers
    • Oracle VirtualBox deployment tasks
      • Download the latest image
      • Deploy the Access Gateway OVA file to Oracle VirtualBox
    • Google Cloud Platform deployment tasks
      • Install Google Cloud CLI
      • Download image
      • Create project
      • Enable privileges
      • Create a bucket
      • Create a VM
      • Post deploy tasks
    • Microsoft Azure deployment tasks
      • Install and configure Microsoft Azure Command-Line Interface
      • Define resource group
      • Create a temporary virtual machine to host the disk
      • Prepare a temporary virtual machine disk
      • Upload, create, and populate a managed disk
      • Copy a disk
      • Create a Microsoft Azure virtual machine
      • Configure networking
      • Cleanup
      • Microsoft Azure post-deployment tasks
      • Microsoft Azure high availability and load balancer tasks
        • Configure Microsoft Azure load balancers
    • Nutanix deploy tasks
      • Download the latest image
      • Create a Nutanix storage container
      • Upload a disk image to Nutanix
      • Create a Nutanix VM
      • Launch a Nutanix VM
      • Nutanix post-deployment tasks
    • VMware vSphere/ESXi deployment
      • Download the latest image
      • Deploy the Access Gateway OVA file to VMware vSphere and ESXi
      • VMware vSphere/ESXi post-deployment tasks
    • VMware Workstation deployment
      • Download the latest image
      • Import the Open Virtual Appliance file into VMware Workstation
    • Post-deployment tasks
      • Sign in for the first time: Access Gateway Management console
        • Access Gateway password strength requirements
      • Set the Access Gateway instance hostname
      • Set the Access Gateway instance IP address
      • Set Access Gateway DNS servers
      • Set an Access Gateway proxy server
      • Determine the Access Gateway IP address
      • Add an admin entry to the hosts file
      • Configure the Access Gateway DNS entries
      • Sign in for the first time: Access Gateway Admin UI console
      • Initialize the Access Gateway Admin UI console
      • Reset Access Gateway: command line
      • Reset Access Gateway passwords
      • Configure an Identity Provider in Access Gateway
      • Add an Access Gateway Admin UI console app
        • Add an Okta org group
        • Create the application
        • Test the Admin app integration
  • Manage Access Gateway day-to-day
    • Manage Okta Support access to Access Gateway
    • Backup and restore
      • Backup and restore operations
      • Perform restores
      • Backup reference
      • Backup FAQs
    • Upgrade Access Gateway Access Gateway
      • Upgrade Access Gateway to the latest version
      • Upgrade Access Gateway to a specific version
      • Configure Auto-Update
      • Access Gateway OS
    • Manage trusted domains
      • About trusted domains
    • Manage logging
      • Logging
      • Logging levels
      • Access and monitor logs from the Access Gateway Management console
      • Logging storage
      • Manage log verbosity
      • Examine disk in use
      • Log formats and examples
        • Access Gateway access log
        • Access Gateway audit log
        • Access Gateway monitor log
        • Access Gateway NGINX log
        • Access Gateway sudo audit log
      • Configure log forwarders
        • Frequently Asked Questions
        • Manage log forwarders
        • Troubleshooting
      • Download log files
        • Decompress log files
    • Administer SNMP monitoring
    • Configure and manage high availability
      • Load balancers
      • High availability concepts
      • Overview of the High Availability Configuration workflow
      • High Availability configuration operations
      • Best practices for high availability
    • Perform admin renomination
      • Admin renomination
      • Admin renomination workflow
      • Admin renomination events
    • Manage certificates and certificate chains
      • Certificate use
      • App certificate use
      • Client certificate validation behavior
      • Certificate management
        • Obtain certificates
        • Upload certificates
        • Associate certificates
        • Associate a default host certificate using the Access Gateway Admin UI console
        • SSL Termination
      • Certificate chain management
        • Certificate chain operations
        • Certificate chain events
      • Certificate creation, update, and assignment events
    • Manage network interfaces
    • Manage REST API monitoring
      • Basic REST API monitoring
      • REST Monitoring management events
    • Manage SSL/TLS termination
    • Monitor Access Gateway
      • Status monitoring
      • Metrics monitoring
        • Open metrics ports
        • Configure metrics monitoring
        • Test Metrics monitoring with REST
        • Configure Prometheus
        • Supported metrics
        • Metrics monitoring events
    • Reset the credentials for the Access Gateway Local Auth Module
      • Test the Access Gateway Local Auth Module
    • Management Console command-line reference
      • Sign in for the first time
      • Access Gateway Network Setup menu
      • Services
      • Kerberos
      • Monitor
      • System menu
      • Change passwords
      • Support connection
      • Client certificate chains
    • Determine the Access Gateway version
  • Integrate apps with Access Gateway
    • Access Gateway apps
      • Applications
        • Application settings
        • App essentials
        • App-protected web resources
        • Application attributes
        • App behaviors
        • App policy
        • Advanced application settings
        • Application data stores
      • Okta Groups for Access Gateway
      • Access Gateway supported apps
    • App attributes
      • Application attribute Data Stores
      • About application attribute elements
      • Manage application attributes
      • Define Custom Application Attributes
    • Access Gateway administration apps
    • Generic apps
      • Add a generic header app
        • Header reference architecture
        • Create the application in Access Gateway
        • Add a certificate to the header application
        • Add additional header app attributes
        • Add additional header app policy
        • Test a header based application
      • Add a Kerberos app
        • Kerberos overview
        • Add an Okta org group
        • Add Access Gateway to Windows DNS
        • Create a Windows Access Gateway service account
        • Create keytab
        • Add Kerberos service
        • Configure Windows Server IIS for constrained delegation
        • Create a Microsoft IIS IWA application
        • Test Kerberos application
        • Kerberos application troubleshooting and best practices
      • Add a portal application
        • Add an Okta org group
        • Create Access Gateway application
        • Assign a certificate to a portal application
        • Add additional attributes
        • Add a redirect policy to a portal app
        • Test a portal-based app
      • Add a SAML pass-through app
        • SAML pass through reference architecture
        • Add an Okta org group
        • Obtain required SAML data
        • Add an Okta SAML application
        • Create an Access Gateway SAML proxy application
        • Add an Okta bookmark application
        • Hide applications
        • Test the SAML pass through application
      • Add a SharePoint application
        • SharePoint application architecture
        • Review and document existing architecture
        • Configure a SharePoint SPN and enable Kerberos
        • Configure SharePoint as Kerberos
        • Configure SharePoint as IIS IWA application
        • Configure SharePoint to work with a reverse proxy
        • Test SharePoint integration
      • Add a Websocket-based application
        • Create the application in Access Gateway
        • Assign certificate to a web socket application
        • Add attributes
        • Add required access policy
        • Test WebSocket-based applications
        • Troubleshoot a WebSocket integration
    • Sample apps
      • Add a sample cookie app
        • Create sample cookie application
        • About application cookie headers fields
        • Add a certificate to the sample cookie application
        • Add attributes
        • Test a sample cookie application
      • Add a sample header app
        • Create a sample header application
        • Add a certificate to the sample header application
        • Add an attribute
        • Test a sample header application
      • Add a sample policy application
        • Create a sample policy application
        • Add a certificate to the sample policy application
        • Add attributes
        • Add required access policy
        • Test a sample policy application
      • Add a sample proxy app
        • Create sample proxy application
        • Add a certificate to the sample proxy application
        • Add attributes
        • Add required access policy
        • Test a sample proxy application
    • Third-party apps
      • Add an Oracle JD Edwards app
        • Add an Okta org group
        • Enable SSO in JD Edwards EnterpriseOne Console
        • Create the app in Access Gateway
        • Test a JD Edwards-based app
        • Oracle JD Edwards reference architecture
      • Add a no-auth app to Access Gateway
        • Create no-auth application in Access Gateway
        • Add a certificate to the no auth application
        • Add additional no-auth app attributes
        • Test the no-auth app
      • Add an Oracle AccessGate app
        • Create Oracle AccessGate app
        • Test the Oracle AccessGate integration
      • Add an Oracle Agile PLM app
        • Create the Oracle Agile PLM application
        • Assign a certificate to an Oracle Agile PLM application
        • Confirm attributes
        • Test the Oracle Agile PLM integration
      • Add an Oracle Application Express app
        • Create an Oracle Application Express app
        • Assign a certificate to an Oracle Application Express application
        • Confirm Oracle Application Express application attributes
        • Test the Oracle Application Express integration
      • Add an Oracle BI Enterprise Edition app
        • Create the Oracle BI Enterprise Edition app
        • Assign a certificate to an Oracle BI Enterprise Express app
        • Confirm Oracle BI Enterprise Edition app attributes
        • Test the Oracle BI Enterprise Edition integration
      • Add an Oracle Demantra app
        • Create the Oracle Demantra app
        • Assign a certificate to an Oracle Demantra app
        • Confirm Oracle Demantra app attributes
        • Test the Oracle Demantra integration
      • Integrate an Oracle E-Business Suite app with Access Gateway
        • Oracle E-Business Suite with Access Gateway Rapid SSO reference architecture
        • Oracle E-Business Suite with Access Gateway Classic SSO reference architecture
        • Add an Okta org group
        • Configure Oracle E-Business Suite for Rapid SSO and create the DBC file
        • Create the Rapid or Classic EBS app
        • Test the Oracle E-Business Suite integration
        • Troubleshoot Oracle E-Business Suite apps
      • Add an Oracle Forms app
        • Create the Oracle Forms app
        • Assign a certificate to an Oracle Forms application
        • Confirm Oracle Forms application attributes
        • Test the Oracle Forms integration
      • Add an Oracle Hyperion app
        • Create the Oracle Hyperion application
        • Assign a certificate to an Oracle Hyperion application
        • Confirm Oracle Hyperion application attributes
        • Test the Oracle Hypersion integration
      • Add an Oracle PeopleSoft app
        • Oracle PeopleSoft reference architecture
        • Configure PeopleCode using the PeopleTools desktop client
        • Configure PeopleSoft using the PeopleSoft web portal
        • Configure the PeopleSoft application
        • Test Oracle PeopleSoft application
      • Add an Oracle WebCenter app
        • Create the Oracle WebCenter application
        • Assign a certificate to an Oracle WebCenter application
        • Confirm Oracle WebCenter application attributes
        • Test the Oracle WebCenter integration
      • Add an Oracle WebLogic Server app
        • Create the Oracle WebLogic Server application
        • Assign a certificate to an Oracle WebLogic Server application
        • Confirm Oracle WebLogic Server application attributes
        • Test the Oracle WebLogic Server integration
      • Add a Qlik app
        • Create the Qlik app
        • Assign a certificate to a Qlik app
        • Confirm Qlik app attributes
        • Test the Qlik integration
    • Manage app policies for access control
      • Access policies
      • App policy precedence
      • Policy types
        • Protected Rule resource-matching rule expressions
      • Manage app policies
      • Example Access Gateway policy
      • Advanced Access Gateway policy
        • Develop an advanced Access Gateway policy
        • Advanced Access Gateway policy examples
    • App integration FAQ
    • Common application tasks
      • Add an Okta group for an Access Gateway application
      • Enable Access Gateway load balancing in an app
        • Load balancing log events
      • Manage application certificates
      • Manage application essentials
      • Configure advanced app settings
        • Application session timeout interaction
      • Define app behaviors
      • Define an app policy
      • Add Database Data Stores
      • Add LDAP Data Stores
      • Manage Data Stores
      • Configure apps for testing
      • Administer data stores
        • Add Database data stores
        • Add LDAP DataStores
        • Manage data stores
    • Best practices: Header apps
  • Troubleshoot
    • Troubleshoot app integrations
      • App process flow
      • App troubleshooting process
      • Generate HTTP Archive files
      • Troubleshoot apps
      • Troubleshooting tips and techniques
    • Troubleshoot upgrades
    • Troubleshoot HTTP status codes
    • Troubleshoot miscellaneous issues
    • Basic health check
  • Reference architectures
    • Workforce heterogeneous application reference architecture
      • Single Access Gateway server architecture
      • Internal-only single data center architecture
      • External-only single data center architecture
      • Multiple data center architecture
      • Comprehensive architecture
    • CIAM application reference architecture
      • Simple CIAM application reference architecture
      • Single cluster CIAM application reference architecture
      • Single split cluster CIAM application reference architecture
      • Hybrid multi-cluster spring CIAM application reference architecture
      • Multi-cluster CIAM application reference architecture
    • Oracle E-Business suite application reference architecture
      • Oracle E-Business suite rapid internal application reference architecture
      • Oracle E-Business suite rapid external application reference architecture
      • Oracle E-Business suite classic external application reference architecture
    • Kerberos application reference architecture
      • Kerberos simple application reference architecture
      • Kerberos simple cluster application reference architecture
      • Kerberos cluster application reference architecture
      • Multiple Kerberos domain application reference architecture
    • Protected application reference architectures
      • Unprotected application reference architecture
      • Masked DNS protected application reference architecture
      • Firewall protected application reference architecture
      • Protected IP protected application reference architecture
      • Certificate Challenge protected application reference architecture
    • Access Gateway sequence flows
      • Not protected no session sequence flow
      • Not protected with session sequence flow
      • Protected resource without session sequence flow
      • Protected resource with session sequence flow
    • Common Access Gateway flows
      • Identity provider initiated flow
      • Service provider initiated Access Gateway flow
      • Post Access Gateway flow
  1. Integrate apps with Access Gateway
  2. Common application tasks
  3. Define an app policy

Define an app policy

See Manage application policy.

© Okta, Inc. All Rights Reserved. Various trademarks held by their respective owners.

Top