Silently install the Okta Browser Plugin: Internet Explorer

Installation options

You have several installation options when installing the Okta browser plugin 5.x for IE. The following chart may help you choose the best options for your environment.

Installation options Requires end user interaction? 'Choose Add-ons' button appears? Number of browser restarts
Classic installation Yes Yes 2
Classic with white-listing Yes No 1
Silent mode without white-listing


Yes 2
Silent mode with white-listing No No 1



This procedure has two parts: A. Enable silent mode and B. Configure white-listing.

Steps are as follows:

A. Enable Silent Mode

  1. From the AdminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. Dashboard, go to Settings > Downloads and download the .msi or .exe version of the plugin for Internet Explorer.
  2. To run the installer in silent mode on Internet Explorer (IE), use the following command line parameters,

    okta.swaAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in /q /q

    ...where x.x.x is the version number of the installer.

    If you are installing the plugin in silent mode on Internet Explorer 10 or later, you must whitelist your installations (Part B) so that user interaction is not required.

    If you run either installer as a local administrator in the user space, then the next time end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. open the browser, they are prompted to enable add-ons. After installation, a browser launches and the user is prompted to click Choose add-ons.

    If you do not run the installer as a local administrator in the user space and the user has Internet Explorer open, the installer fails to close the browser and the installation fails.

  1. Use the following batch file to force all running instances of Internet Explorer on the machine to close and then run the silent installation of the browser plugin:
  2. c:\windows\system32\Taskkill /IM iexplore.exe /F

    c:\windows\system32\msiexec.exe /i %LMI_PACKAGEROOT%\ /q

    echo %ERRORLEVEL%

    This can be especially helpful if you are using LogMeIn without administrator rights to install the plugin. If you attempt to use the commands natively instead of using the batch file, the Taskkill returns a 123 and causes LogMeIn to abort.

  3. Configure whitelisting as described in Part B.




If you're installing in silent mode on Windows 7, users are prompted to restart their browsers.



B. Configure white-listing

Configure white-listing to suppress the appearance of the Choose add-ons button during the plugin installation so that end users cannot interfere with the installation.

For a Windows OS, Internet Explorer uses a CLSID (class identifier) to set the whitelisting policy. To set this policy on your system, do the following:

  1. Close IE if it is running.
  2. Open the Local Group Policy Editor.
  3. Go to Start, type gpedit.msc in the search field, and then click Edit Group Policy.
  4. Navigate to the appropriate path for your version of IE:
  5. IE 10

    User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management > Add-on List

    IE 11

    Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management > Add-on List

  1. Double-click Add-on List.
  2. Add-onList.jpg

  3. Click Show... under Options.
  4. In the Show Contents window, add the following Class IDs under Value Name (including the brackets):

    OktaBHO Class is Class ID:


    OktaIeHelper Class is Class ID:


    Note: Add OktaIeHelper Class ID only if you are running Okta plugin version 5.3.2 or earlier.

    Okta Toolbar Extension is Class ID:


    The BHO (browser helper object) is an IE plugin module that provides added functionality to the browser. OktaBHO is a custom BHO from Okta. OktaIeHelper and Okta Toolbar Extension are other types of BHO, and are also customized by Okta.

  1. In the Value column, enter 1.
  2. rawAddonList.jpg

  3. Deploy this policy to your target machines.

Now users are not prompted to enable or disable the plugin installation process during silent installation.