Today, I'm incredibly excited to announce the general availability (GA) of Okta Access Gateway:
Access Gateway is a new product that enables organizations to use Okta's Cloud Single Sign-On (SSO) and Adaptive Multi-Factor Authentication (MFA) to secure access to their on-premises web apps. We’ve been working with dozens of customers in the Early Adopter Program who put Access Gateway through the ringer, and we’re chomping at the bit to get more customers onboard in GA.
How does Access Gateway work?
Before Access Gateway, securing access to on-premises web apps was hard. Organizations interested in protecting on-prem web apps would either deploy legacy Single Sign-On (SSO) solutions (a.k.a., Web Access Management (WAM)) in their data centers or change their on-prem application source code to support cloud identity—using standards like SAML and OpenID Connect. Both of these approaches are expensive and complicated.
With Access Gateway, this challenge is gone. Access Gateway acts as a reverse-proxy, allowing organizations to use cloud identity, SSO and Adaptive MFA to control access to on-prem web apps. Because Access Gateway uses the same standards that on-prem apps natively support, such as Kerberos, Header-Based Authentication, and URL-based Authorization, organizations can protect on-prem web apps without changing their source code. In many cases, Access Gateway can completely replace legacy WAM solutions, and make Okta the single identity provider for all their applications.
Access Gateway reverse proxy architecture
Access Gateway is an extension of Okta’s category-leading Identity Cloud. That means customers can secure their on-prem web apps as they would their cloud apps: it’s easy to apply modern security policies, such as geofencing, Adaptive MFA, and passwordless access.
Passwordless access to an on-premises application
This unified solution also simplifies access for end-users. Employees, contractors, and partners can launch any app, from Microsoft Office 365 to Oracle E-Business Suite, from any device with the same consumer-grade experience.
Single Dashboard: Access for any application
What does this mean for me?
With Access Gateway you can:
- Replace legacy SSO or WAM solutions such as CA SiteMinder and enable remote access to on-prems web applications without changing how they work today.
- Use Okta as the single Identity Provider for apps from ground to cloud. This way, you can consolidate your security policies, integrations, users, and MFA in a single place, saving time, money, and eliminating identity silos.
- Consolidate the access experience of your end-users. With Okta and Access Gateway, end-users can access on-premises and cloud apps with the same set of credentials and MFA factors, from the same dashboard.