Okta Browser Plugin Permissions for Web Extensions
Okta Browser Plugin requires the following permissions in Chrome:
|Permission||Why Okta Browser Plugin needs it|
To open a new tab when the user:
|cookies||Because the plugin inherits the session ID and device token cookies from the end-user dashboard, which it uses to make its API calls for SWA. This enables the server to verify the user and make sure the POST requests are coming from a valid plugin user|
To inject the content script into https:// web pages on the internet.
It enables the plugin to:
|management||To access the chrome.management API.|
|privacy||This is an optional permission that Okta end-users can opt into if they want to prevent browser extension prompts to save the passwords of their apps defined in Okta during single sign-on, given that the Okta extension is managing these particular passwords.|
To access the chrome.management , which is needed to store/access Okta third-party app metadata such as app login links, app logo links and other info that identifies the app. This data is cached in extension local storage to minimize server-side API calls for that metadata information.
|unlimitedStorage||Provides an unlimited quota for storing client-side Okta third-party app data, which has the potential to rarely exceed 5MB of local storage.|
The extension needs to hook into the request lifecycle to do various tasks required for single sign-on and identifying the extension to the end-user dashboard.
|webRequestBlocking||To detect whether the plugin is installed on the user's computer.|
|webNavigation||We use this permission to detect when a DOM is loaded. After the DOM is loaded we inject the content scripts into the web page. This is required for the auto-login and SWA functionality to work correctly.|