Silently install the Okta Browser Plugin: Chrome

  1. Install the Chrome GPO template:
    1. Download the zip file:

    2. Unpack the zip file to a directory (for example, C:\ChromePolicy).
  2. Configure a Group Policy:
    1. Launch the Group Policy Management Console.

      Note: If you are creating a new policy, perform step (b); if you have an existing policy to which you want to add the Chrome Plugin installation, skip ahead to step (c).

    2. Right-click the OUAn acronym of Organizational Unit. Organizational units are Active Directory containers into which you can place users, groups, computers, and other organizational units. It is the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority. that contains the systems to which you want to apply the policy, click Create a GPO in this domainA domain is an attribute of an Okta organization. Okta uses a fully-qualified domain name, meaning it always includes the top-level domain (.com, .eu, etc.), but does not include the protocol (https)., and Link it here, and then name the policy accordingly (for example, Okta Chrome Plugin Installation).
    3. Right-click the policy and click Edit.
    4. Expand Local Computer Policy > Computer Configuration > Administrative Templates.
    5. Right-click Administrative Templates and select Add/Remove Templates.
    6. Click Add and navigate to:


    7. Choose chrome.adm.

      Google > Google Chrome folders appear under Administrative Templates or Classic Administrative Templates (depending on your version of Windows):

    8. Expand Local Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Google > Google Chrome > Extensions.
    9. In the right pane, right-click Configure the list of force-installed apps and extensions and then click Edit.
    10. Click Enabled.
    11. Click Show.
    12. Enter the following in the value field, and then click OK:


    13. Click OK, and then click OK again to close the policy configuration window.
    14. In the Group Policy Management console, right-click the newly-created policy and ensure that Link Enabled and Enforced are both selected.
  3. Test the policy:
    1. On a computer that is joined to the domain and belongs to the OU to which the GPO applies, launch a command prompt.
    2. Enter gpupdate /force
    3. Enter gpresult /r and verify that the created policy is listed as an Applied Group Policy Object under Computer Settings.
      • If this does not appear, try running the above command again in 5 -10 minutes to rule out group policy replication delays across domain controllers.
      • If it still does not appear within 5 -10 minutes, review the previous steps to ensure that the policy is being applied and enforced and that the computer belongs to the OU to which the policy is applied.
    4. Launch Chrome and enter chrome://extensions in the address bar.

      The Okta Secure Web AuthenticationAuthentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual. Authentication methods and protocols include direct auth, delegated auth, SAML, SWA, WS-Fed, and OpenID Connect. Plug-in appears.

For more information, see the Google article Install Chrome extensions via group policy or master_preferences