Okta Identity Engine | Access Gateway | Answered | 2023-11-27T18:21:20.000Z | 2021-07-19T18:00:20.000Z | 2021-07-23T16:33:00.000Z

AlexJ.82288 (Customer) asked a question.

Leverage OAG to Grant External Users Access to internal web app

Trying to understand how I can utilize OAG to allow users not on our network access to an internal web app.

 

I understand how it can be utilized if the internal app is utilizing header based or Kerberos authentication but not sure how it would be implemented for my specific use case.

 

Here is the situation.

 

There is an internal web app that is not exposed to the internet, only users within the network or VPN can access it. This app is going to be moving over to utilizing Okta for authenticating to the app either via SAML or OIDC very soon. Once that happens then the next challenge is to find out how to allow external users that are not on our VPN or network access to the app. These users do have accounts within our Okta tenant but will not be on our network or VPN when attempting to access the app.

 

So the question is how can OAG be leveraged to allow access to an internal application that is utilizing SAML or OIDC, for users that are not on our network?

 

 

I did find this documentation for a SAML-Passthrough application but wasn't sure if that is exactly what I am looking for. Any help would be greatly appreciated!

 

https://help.okta.com/oag/en-us/Content/Topics/Access-Gateway/add-app-saml-pass-thru.htm

 


  • User15967624383583695442 (Vendor Management)

    Hi Alex

    Thank you for reaching out to Okta, my name is Daniel Corrales and I'll be assisting you with this question.

     

    --> Unfortunately, OAG was not designed for that. Okta Access Gateway is an ideal solution for any Okta customer where:

    • Your enterprise wants to unify all Identity and Access Management under an Okta platform but requires integration with web applications that don't support federations, such as SAML and WS-Fed.
    • Your vendors, customers, or partners must access your internal business web applications, such as SharePoint, Oracle E-Business Suite, and others, from the internet.
    • You must restrict unauthorized network access to your web applications.
    • Your enterprise has web applications that lack a native authentication mechanism.
    • Your company is looking for a cost-effective replacement for your on-premises Web Access Management (WAM) solution.

     

    Reference: https://help.okta.com/oag/en-us/Content/Topics/Access-Gateway/about-oag.htm

This question is closed.