- 1. Introduction
- 2. About Data Gateway
- 3. Key Features
- 4. Glossary
- 5. System Requirements
- 6. Application Access
- 7. Roles
- 8. Dashboard Reports (Statistics)
- 9. Cloud Configurations
- 10. Access Management
-
11. Endpoint Management Module
- 11.1 Create Endpoint
- 11.2 Manage Endpoint
-
11.3 Protocols
- 11.3.1 FTP (File Transfer Protocol)
- Pull-Push
- Push-Pull
- Push–Push Scenario
- 11.3.2 FTPS (FTP Secure)
- Pull-Push
- Push-Pull
- Push-Push Scenario
- 11.3.3 SFTP (SSH File Transfer Protocol)
- Pull-Push
- Push-Pull
- Push-Push Scenario
- 11.3.4 API Based File Transfers
- 11.3.4.1 Pull-Push
- 11.3.4.2 Scenario: File Transfer through API, where You connect to Remote Server
- 11.3.4.3 Scenario: File Transfer through API, where Partner connects to Your Server
- 11.3.4.4 Push-Pull
- 11.3.5 AS2 (Applicability Statement 2)
- 11.3.5.1 AS2 Organizations
- 11.3.5.2 AS2 Endpoints
- 11.3.5.3 AS2 Relationships
- 11.4 GUID
- 12. File Management Module
-
13. Settings
- 13.1 Scheduler Configuration
- 13.2 PGP Manager
- 13.3 Application Configuration
- 13.4 Queue Management
- 13.4.1 Queue Management – Field Descriptions
- 13.4.2 Operational Summary
- 13.4.3 Key Benefits
- 13.5 Priority Handling
- 13.5.1 Priority Handling – Field Descriptions
- 13.5.2 Operational Summary
- 13.5.3 Key Benefits
- 13.6 Adapter Configuration
- 13.6.1 Adapter Configurations – Field Descriptions
- 13.6.2 Operational Behavior Example
- 13.6.3 Key Benefits
- 13.7 License Module
- 13.7.1 License Management – Field Descriptions
- 13.7.2 Operational Workflow
- 13.7.3 Key Benefits
- 14. Data Gateway Components
-
15. Connectivity and Authentication
- 15.1 Scenario: File Transfer through File Client, where Partner Connects to Your Server
- 15.2 Scenario: File Transfer through File Client, where You connect to Partner’s Remote Server
- 15.3 Push-Push Scenario
- 15.4 Scenario: File Transfer through AS2, push to partner and push to gateway
- 15.5 IP Allowlist & Rate Limiting
- 15.5.1 IP allowlisting
- 15.5.2 Rate Limiting
-
16. SAML Authentication and Authorization with Okta
- 16.1 What is SAML?
- 16.2 What is SAML Used For?
- 16.3 How SAML Works
- 16.4 Configuring SAML Authentication and Authorization in Okta
- 16.4.1 Prerequisites
- 16.4.2 Steps to Configure SAML in Okta
- 16.4.3 Download Identity Provider Metadata
- 16.4.4 Application Configuration (application.yml)
- 16.5 User Management for IDP Users
- 16.6 Common Troubleshooting Issues
-
17. Alert Management
- 17.1 File Not Received (FNR) Alert
- 17.2 File Not Received (FNR) Alert Timing Options
- 17.2.1 FNR Current Day Minutes
- 17.2.2 FNR Current Day Hours Scenario
- 17.2.3 FNR Daily Days Scenario
- 17.2.4 FNR Daily Weekdays Scenario
- 17.2.5 FNR Weekly Between Scenario
- 17.2.6 FNR Weekly Day of Week Scenario
- 17.2.7 FNR Monthly Specific Day Scenario
- 17.2.8 FNR Monthly On Scenario
- 17.2.9 FNR Monthly Interval Check Scenario
- 17.2.10 FNR Quarterly Scenario
- 17.2.11 FNR Yearly Every Scenario
- 17.2.12 FNR Yearly On The Scenario
- 17.3 File Load Alert (FLA Alert)
- 17.4 Manage Alerts
- 18. Cloud-Cloud File Transfer
- 19. OAuth 2.0 Authentication
- 20. ICAP Integration
- 21. Data Gateway APIs
19. OAuth 2.0 Authentication
19.1 What is OAuth 2.0?
OAuth 2.0 (Open Authorization 2.0) is an industry-standard protocol for authorization that enables applications to obtain limited access to user accounts on an HTTP service. It works by delegating user authentication to the service that hosts the user account and authorizing third-party applications to access that user account. OAuth 2.0 provides specific authorization flows for different types of applications including web applications, desktop applications, mobile devices, and IoT devices. Unlike traditional authentication mechanisms where credentials are shared, OAuth 2.0 uses access tokens to grant access to protected resources.19.2 What is OAuth 2.0 Used For?
OAuth 2.0 simplifies secure API access and service-to-service authentication by separating authentication from authorization. The key benefits include:- Secure API Access: External systems can access protected endpoints without sharing credentials
- Token-Based Security: Short-lived access tokens reduce the risk of credential theft
- Flexible Integration: Supports multiple authentication flows for different use cases
- Non-Intrusive Implementation: Works alongside existing authentication mechanisms (JWT, SAML, LDAP)
- Role-Based Authorization: Identity providers can pass user roles and groups for fine-grained access control
19.3 How OAuth 2.0 Works
- Client Requests Access Token: The client application requests an access token from the authorization server (Okta)
- Authorization Server Authenticates: Okta verifies client credentials and issues an access token
- Client Accesses Protected Resource: The client includes the access token in API requests using the Authorization: Bearer <token> header
- Resource Server Validates Token: The application validates the token with Okta’s introspection endpoint
- User is Granted Access: Upon successful validation, the application grants access based on the token’s scope and groups
19.4 Configuring OAuth 2.0 Authentication in Okta
19.4.1 Prerequisites
- An active Okta account with administrative access
- Administrative access to the Data Gateway application
- Understanding of OAuth 2.0 grant types (Client Credentials flow recommended for API access)
19.4.2 Steps to Configure OAuth 2.0 in Okta
- Create an OAuth 2.0 Application in Okta
- Log into your Okta Admin Console
- Navigate to Applications → Applications
- Click Create App Integration
- OIDC – OpenID Connect
- Click Next
- Configure Application Settings
- Enter an Application name (e.g., “Data Gateway API”)
- Enter the call back URL to where the idp needs to send the rensponse containing the authorisation code
- Select appropriate Grant types:
- Client Credentials (for machine-to-machine communication)
- Authorization Code (for user-based authentication)
- Click Save
- Note Client Credentials
- Client ID: Unique identifier for your application
- Client Secret: Secret key for authentication (keep this secure)
- Okta Domain: Your Okta organization URL (e.g., https://dev-123456.okta.com)
- Configure Authorization Server
- Navigate to Security → API → Authorization Servers
- Select the default authorization server or create a custom one
- Note the Issuer URI (e.g., https://dev-123456.okta.com/oauth2/default)
- Configure Scopes if needed for fine-grained access control
- Create and Assign Groups
- Under Assignments, add the users or groups who should have access to the application.
- Click on ‘Add Person’, provide the user details, and click on ‘Save’. The user will receive a ‘Set Password’ link if the ‘I will set password’ checkbox is selected.
- Create groups matching your application roles:
- super_admin
- admin
- business_user
- Assign users to appropriate groups
- After successfully assigning the application to the user and user can be able to see assigned application like mentioned below
- Configure Claims (Optional)
- In the Authorization Server, go to Claims tab
- Ensure the groups claim is included in access tokens
- Configure Access policies type as Groups with filter matching your group names
19.5 Application Configuration (application.yml)
The OAuth 2.0 configurations need to be provided in the Data Gateway application configuration:
Now the user will be able to access the endpoint with the help of the access token issued by the OAuth 2.0 application configured in the respective IDP.
If the IDP authentication is successful, we can find a access token in the response which can be used to access the application API’s.
