Skip to content
CTRL K
    Docs Standalone Kubernetes Tutorials Standalone Kubernetes Models Blog Enterprise Community Get Started GitHub

    For the complete documentation index, see llms.txt. Markdown versions of all docs pages are available by appending .md to any docs URL.

    Page as Markdown
    Okta
    Integrate agentgateway with Okta for enterprise identity management
    Okta is an enterprise identity platform. agentgateway can validate JWTs issued by Okta for API authentication.
    Why use Okta with agentgateway?

    • Enterprise SSO - Centralized identity for organizations
    • Directory integration - Active Directory, LDAP sync
    • Lifecycle management - Automated provisioning/deprovisioning
    • Compliance - SOC 2, HIPAA, FedRAMP certified
    • API Access Management - OAuth2/OIDC for APIs
    Configuration

    Configure agentgateway to validate Okta JWTs:
    # yaml-language-server: $schema=https://agentgateway.dev/schema/config
binds:
- port: 3000
  listeners:
  - routes:
    - backends:
      - mcp:
          targets:
          - name: my-server
            stdio:
              cmd: npx
              args: ["@modelcontextprotocol/server-everything"]
      policies:
        mcpAuthentication:
          mode: strict
          issuer: https://your-org.okta.com/oauth2/default
          audiences:
          - api://agentgateway
          jwks:
            url: https://your-org.okta.com/oauth2/default/v1/keys
    Okta setup

    1. Create an Authorization Server (or use default):
      • Admin Console → Security → API → Authorization Servers
    2. Add a custom scope:
      • Name: agentgateway
      • Description: Access to agentgateway
    3. Create an API Services application:
      • Applications → Create App Integration
      • Sign-in method: API Services
      • Note the Client ID and Client Secret
    4. Grant the scope to your application
    Getting a token

    curl -X POST "https://your-org.okta.com/oauth2/default/v1/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=agentgateway"
    Group-based authorization

    Use Okta groups with agentgateway authorization:
    policies:
  mcpAuthentication:
    mode: strict
    issuer: https://your-org.okta.com/oauth2/default
    audiences: [api://agentgateway]
    jwks:
      url: https://your-org.okta.com/oauth2/default/v1/keys
  authorization:
    rules:
    # Check for Okta group membership
    - '"AI-Users" in jwt.groups'
    Learn more

    
Auth0
    Was this page helpful?
    

    
Agentgateway assistant
    


    Ask me anything about agentgateway configuration, features, or usage.
    Note: AI-generated content might contain errors; please verify and test all returned information.
    Tip: one topic per conversation gives the best results. Use the + button in the chat header to start a new conversation.
    Switching topics? Starting a new conversation improves accuracy.

    ↑↓ navigate
 select
esc dismiss
    

    

    What could be improved?
    Your feedback helps us improve assistant answers and identify docs gaps we should fix.
    Need more help? Join us on Discord:
https://discord.gg/y9efgEmppm
    Want to use your own agent? Add the Solo MCP server to query our docs directly. Get started here:
https://search.solo.io/.