<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
New Trust Path for Okta Downloadables
Mar 11, 2026
Access Gateway
Okta Classic Engine
Okta Identity Engine

Okta established a new trust path for certain types of on-premises and/or device-resident appliances, agents, SDKs, and software libraries (collectively "downloadables") that relate to Okta’s cloud service offering. These downloadables, to date, include:

  • Okta Access Gateway (OAG) - an on-prem appliance that Okta customers can download and deploy in their own environment so that legacy applications can integrate with the Okta Integration Network (OIN).
  • Okta Active Directory Agent (AD Agent) - an on-prem agent that enables bidirectional synchronization with Microsoft Active Directory (AD).
  • Okta LDAP Agent (LDAP Agent) - an on-prem agent that enables bidirectional synchronization with LDAP directories.
  • Okta RADIUS Agent (RADIUS Agent) - an on-prem agent that enables authentication via RADIUS servers.


For clarity and transparency, OAG was removed from Okta’s FedRAMP Moderate authorization package in late 2023. This change was not communicated to all customers. All concerns with OAG were addressed. Additionally, Okta, in consultation with the FedRAMP Program Management Office and its Third Party Assessment Organization (3PAO), determined that a FedRAMP authorization is not required for these downloadables, as they are deployed to and run in a customer’s physical or virtual data center or on a customer's device. As an on-prem appliance, OAG should not have been listed in the authorization package or on the FedRAMP Marketplace initially.

Going forward, the downloadables will be redesignated as "available" rather than “authorized” and relocated to the appropriate sections of Okta’s FedRAMP Moderate, FedRAMP High, and DOD CC SRG (IL4) System Security Plans (SSPs) to reflect this new designation. 

In alignment with our core principles, Okta is dedicated to meeting the highest security benchmark for all its cloud and on-premise products. Okta is committed to ensuring that customers have the information they need to make informed, risk-based decisions. As such, upon request, Okta will provide available vulnerability and penetration test results for our on-premise products. Additionally, Okta is developing hardening guides for customers to use with these on-premises appliances. Please contact the account team with any questions. 

Recommended content

Still looking for help?
Loading
New Trust Path for Okta Downloadables