Silently install Okta Browser Plugin on Internet Explorer
Okta no longer supports IE. Okta recommends that customers delete the IE plugin installer and use a supported browser.
You have several installation options when installing the Okta Browser Plugin. Use the following chart to choose the best option for your environment.
Installation options | Requires end-user interaction? | 'Choose Add-ons' button appears? | Number of browser restarts |
---|---|---|---|
Classic installation | Yes | Yes | 2 |
Classic with allow listing | Yes | No | 1 |
Silent mode without allow listing |
No |
Yes | 2 |
Silent mode with allow listing | No | No | 1 |
Task 1: Enable Silent Mode
- In the Admin Console, go to .
- Download the .msi or .exe version of the plugin for Internet Explorer.
- To run the installer in silent mode on Internet Explorer, use the following command-line parameters:
okta.swa.ie-x.x.x.exe /q okta.swa.ie-x.x.x.msi /q
Replace x.x.x with the version number of the installer.
Limitations
- You must add your installation to your allowlist so that user interaction isn't required.
- If you run either installer as a local administrator in the user space, then the next time end users open the browser, they're prompted to enable add-ons. After installation, a browser launches and prompts the user to click Choose add-ons.
- If you don't run the installer as a local administrator in the user space and the user has Internet Explorer open, the installer fails to close the browser, and the installation fails.
-
Use the following batch file to force all running instances of Internet Explorer on the machine to close and then run the silent installation of the browser plugin:
c:\windows\system32\Taskkill /IM iexplore.exe /F c:\windows\system32\msiexec.exe /i %LMI_PACKAGEROOT%\okta.swa.ie-x.x.x.msi /q echo %ERRORLEVEL%
This can be especially helpful if you're using LogMeIn without administrator rights to install the plugin. If you attempt to use the commands natively instead of using the batch file, the Taskkill command returns a 123 and causes LogMeIn to abort.
If you're installing in silent mode on Windows 7, users are prompted to restart their browsers.
Task 2: Configure Allowlist
Configure an allowlist to suppress the appearance of the Choose add-ons button during the plugin installation. This prevents end users from interfering with the installation.
On Windows, Internet Explorer uses a CLSID (class identifier) to set the allowlist policy. To set this policy on your system:
- Close Internet Explorer.
- Open the Local Group Policy Editor.
- Go to Start, type gpedit.msc in the search field, and then click Edit Group Policy.
- Go to the appropriate path for your version of Internet Explorer:
Internet Explorer 10:
Internet Explorer 11:
- Double-click Add-on List.
- Click Show... under Options.
- In the Show Contents window, add each of the following Class ID values under Value Name (including the brackets):
Class ID Value name Value OktaBHO Class {E411779C-5CFE-413F-A57B-18C55A4EFADA} 1 OktaIeHelper Class {302700E7-59EF-49EC-9439-EA590552D1ED} 1 Okta Toolbar Extension {8C938A58-9A96-4A95-929D-C8C28C639C32} 1 Add OktaIeHelper Class ID only if you're running Okta plugin version 5.3.2 or earlier.
The BHO (browser helper object) is an Internet Explorer plugin module that provides added functionality to the browser. OktaBHO, OktaIeHelper, and Okta Toolbar Extension are other types of BHO and are also customized by Okta.
- Deploy this policy to your target machines.
After you complete this task, Okta doesn't prompt your end users to enable or disable the plugin installation during the silent installation.