Configure your Okta org as an Identity Provider

Before you can secure applications, configure your Okta org as an Identity Provider (IdP). Access Gateway and your Okta org integrate using SAML and REST APIs.

You must have app admin and org admin privileges to perform these tasks:

  • Create an Okta service account for Access Gateway.
  • Create an Okta API token.
  • Configure an IdP in Access Gateway.

Create an Okta service account for Access Gateway

Okta recommends that you create and use a dedicated service account to create the Access Gateway API key. Okta logs every action performed by an API key under the user account that created the key.

  1. In the Admin Console, go to Directory > People.
  2. Click Add person.
  3. Enter a name for the service account.
  4. Enter a placeholder email for the Username and Primary email. For example, service.admin@domain.com.

    Use placeholder values for the Username and Primary email so that the service account doesn't interfere with your own account. Enter your own email address as the Secondary email so that you can activate the service account, and request a password reset for it later if you need to.

  5. For the Secondary email, enter your administrator email address.
  6. Select Send user activation email now, and then click Save. The account is created and has a status of Pending user action.
  7. In the Admin Console, go to Security > Administrators.
  8. Click Add administrator.
  9. Select your service account from the Select admin dropdown.
  10. Select Application Administrator from the Role dropdown.
  11. Click Edit to configure the applications that the account can manage. Choose Constrain this role to the entire organization to allow the account to manage all applications, or create a resource set of the applications that the account can manage. See Edit resources for a standard role assignment.
  12. Click Save resource set.
  13. Click Add assignment.
  14. Select Organization Administrator from the Role dropdown.
  15. Click Save.
  16. Sign out of your Okta administrator account.
  17. Open the activation email that you received from Okta and click the activation link.
  18. Enter a password and a security question for the account.
  19. Sign in with the new service account credentials.

Create an Okta API token

  1. In the Admin Console, go to Security > API.
  2. Click Create token.
  3. Enter a token name that identifies the token's purpose.
  4. Click Create token.
  5. Copy the Token Value and store it in a secure location, such as a password manager. After you close this window, you can no longer view the token value.
  6. Click Ok, got it.

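Because Okta attributes every action performed with an API token to the user who created it, it is worth confirming that the token you just created really resolves to the dedicated service account before pasting it into Access Gateway. The following script is an added example and not part of Okta's or Access Gateway's own tooling: it calls the Okta Users API endpoint `GET /api/v1/users/me` with the `SSWS` authorization scheme and compares the returned login with the expected service-account login. The org name, token and expected login are read from environment variables (`OKTA_ORG`, `OKTA_API_TOKEN`, `OKTA_SERVICE_LOGIN`) that this example assumes; the sample response used when no token is set is constructed.

```python
"""Check that an Okta API token belongs to the dedicated Access Gateway service account."""
import json
import os
import urllib.request


def org_base_url(org):
    """Normalize 'orgname.okta.com' or 'https://orgname.okta.com/' to an https base URL."""
    org = org.strip().rstrip("/")
    if org.startswith("http://"):
        raise ValueError("Okta org URL must use https")
    if not org.startswith("https://"):
        org = "https://" + org
    return org


def build_me_request(org, token):
    """Build the /api/v1/users/me request; the SSWS scheme carries the API token."""
    url = org_base_url(org) + "/api/v1/users/me"
    headers = {"Authorization": "SSWS " + token, "Accept": "application/json"}
    return url, headers


def check_token_owner(me_json, expected_login):
    """Return (ok, reason) for a decoded /users/me body and the expected service-account login."""
    login = me_json.get("profile", {}).get("login", "")
    status = me_json.get("status", "")
    if status != "ACTIVE":
        return False, f"token owner {login!r} has status {status!r}, expected ACTIVE"
    if login.lower() != expected_login.lower():
        return False, f"token is owned by {login!r}, not the service account {expected_login!r}"
    return True, f"token is owned by the active service account {login!r}"


def fetch_me(org, token):
    """Live lookup (needs network access to the org); returns the decoded JSON user object."""
    url, headers = build_me_request(org, token)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    org = os.environ.get("OKTA_ORG", "orgname.oktapreview.com")
    expected = os.environ.get("OKTA_SERVICE_LOGIN", "service.admin@domain.com")
    token = os.environ.get("OKTA_API_TOKEN")  # never hard-code the token in the script
    if token:
        ok, reason = check_token_owner(fetch_me(org, token), expected)
    else:
        # Constructed sample response, shaped like the Okta user object, for offline runs.
        sample = {"status": "ACTIVE", "profile": {"login": "service.admin@domain.com"}}
        ok, reason = check_token_owner(sample, expected)
    print(("OK: " if ok else "FAIL: ") + reason)
```

A FAIL result usually means the token was created while signed in as your own administrator account rather than the service account; revoke it and create a new one after signing in as the service account.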
Configure an IdP in Access Gateway

  1. In your browser, go to the Access Gateway Admin UI console and sign in as an administrator.
  2. Select the Settings tab.
  3. Click the Identity Providers pane.
  4. Click + and then select OKTA.
  5. Enter the following information:
    • Name: Enter a meaningful name for the IdP (for example, Okta IdP).
    • Okta Org: Enter your org name (for example, orgname.oktapreview.com, orgname.okta.com, or similar).
    • Okta API Token: Paste the token value that you copied from your Okta org when you created the Okta API token.
  6. Click Not Validated. This label changes to Validated when the Okta API token is successfully validated.
  7. Click Okay. The Settings tab displays your Okta IdP status, which should be Valid.
  8. Click the Topology tab. An icon appears for your IdP, labeled with the name that you entered.
  9. Click your IdP's icon. If it's configured correctly, you're redirected to your Okta org.