This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, contact Okta Support.

Switch between Okta accounts using the Okta Browser Plugin

The Okta Account Chooser allows end usersEnd users are people in your org without administrative control. They can authenticate into apps from the icons on their My Applications home page, but they are provisioned, deprovisioned, assigned, and managed by admins. to switch easily between multiple Okta accounts through the Okta browser plugin. The feature prompts signed-in end users to trust or reject subsequent Okta accounts the first time they access those accounts. Over time, end users create an easily accessible list of their Okta accounts through the Okta Plugin icon.



We recommend that you provide these instructions to your end users to help them use this feature.


Trust an Okta account and add it to the account chooser

  1. While already signed in to Okta, access another Okta account that you have not trusted When an account is trusted, the Okta browser plugin will sign the end user in to the account and start showing the account's applications in the Your Apps list. yet.
  2. A banner displays in the end-user dashboard prompting you to trust the account if you trust it. SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully. apps on the dashboard are inaccessible until you trust the account. (SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IdP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on an app, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. apps (if any) are accessible on the dashboard whether or not you click Trust because they don't require the plugin.)

  3. Click the blue Okta Plugin icon in the browser toolbar.
  4. If the Trust / Reject options appear in the Your Apps menu, do either of the following:
    • Click Trust if you trust the account. The red banner disappears, all SWA apps on the dashboard become accessible, and the account is added to your account chooser list.
    • Click Reject if you don't trust the account or if you don't want the plugin to take any action on the account. If you decide later that you want to trust the account, you can make the Trust option display by refreshing the page or signing-in to the account again.
    • Note: (Chrome, Edge, and Firefox browsers only) A red square on top of the blue Okta Plugin icon indicates that the Trust/Reject options are available.


Show the account chooser and switch accounts

  1. Click the blue Okta Plugin icon in the browser toolbar.
  2. Click the Account Chooser icon.
  3. The active account is indicated by a blue ribbon on the side.

  4. Click the account in the list that you want to switch to.
  5. To remove an account from the account chooser, click the icon.


If you can't find the Okta Browser Plugin icon

Typically, the blue Okta Plugin icon is present on the browser toolbar. If you don't see the icon, it may be hidden. To unhide it:

  • Chrome – Click the Chrome menu ( ), right-click the blue Okta Plugin icon, and then select Keep in Toolbar.
  • Firefox – Click the Firefox menu ( ), click Customize, and then drag the blue Okta Plugin icon to the desired location on the browser toolbar.
  • Internet Explorer – Click the Tools menu ( ), click Manage Add-ons, click the item Okta toolbar, and then click Enable.
  • Safari – Right-click anywhere on the browser toolbar, click Customize Toolbar, and then drag the Your Apps icon to the desired location on the browser toolbar.


Related topics

Manage dashboard tabs for end users

Configure your custom end user portals to leverage the Okta browser plugin

About the Okta Browser Plugin