Okta Basics Curriculum: Protect On-Prem Applications with Okta’s Access Gateway (OAG)
The TLDR of Okta’s Access Gateway is that it allows companies to use SSO and MFA between cloud and on prem apps. The Access Gateway is a VM that can be hosted on prem or in the cloud, so it can live essentially anywhere in your environment that supports it.
Via Okta’s docs:
“Okta Access Gateway is a reverse proxy based virtual application, designed to secure web applications that don’t natively support SAML or OIDC. Access Gateway integrates with legacy applications using HTTP headers and Kerberos tokens, and offers URL-based authorization and more. You can use Access Gateway to seamlessly integrate your legacy web based applications with Okta’s Cloud Single Sign-On (SSO) and Adaptive Multi-Factor Authentication (MFA) services. And because Access Gateway is deployed behind the firewall, it lets external users access on-premises web-based applications without the need for traditional VPNs.”
There’s a 25 minute product demo in the Okta Basics training that is recommended viewing (note: no closed captioning per usual).
The user experience is meant to be seamless, so users shouldn’t notice anything different or special if they’re accessing apps behind the Access Gateway.