Okta Browser Plugin permissions for web extensions
Okta Browser Plugin requires the following permissions in Chrome:
|Why Okta Browser Plugin needs it
To open a new tab when the user performs the following tasks.
|Because the plugin inherits the session ID and device token cookies from the End-User Dashboard that it uses to make its API calls for SWA. This enables the server to verify the user and ensure that the POST requests are coming from a valid plugin user.
To inject the content script into https:// web pages on the internet.
It enables the plugin to do the following:
|To access the chrome.management API.
|To prevent browser extension prompts to save the passwords of their apps defined in Okta during single sign-on. Given that theOkta extension manages these passwords, this is an optional permission that Okta end-users can opt into.
To access the chrome.managementAPI, to store and access Okta a third-party app metadata that identifies the app. This data is cached in extension local storage to minimize server-side API calls for that metadata information.
|To provide an unlimited quota for storing client-side Okta third-party app data, which has the potential to rarely exceed 5 MB of local storage.
To hook into the request lifecycle to do various tasks required for single sign-on and identifying the extension to the End-User Dashboard.
|To detect whether the plugin is installed on the user's computer.
|To detect when a DOM is loaded. After the DOM is loaded, Okta Browser Plugin injects the content scripts into the web page. This is required for the auto-login and SWA functionality to work correctly.