This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.
Switch between multiple Okta accounts using the plugin
The Okta Account Chooser allows end usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. to switch easily between multiple Okta accounts through the Okta browser plugin. The feature prompts signed-in end users to trust or reject subsequent Okta accounts the first time they access those accounts. Over time, end users create an easily accessible list of their Okta accounts through the Okta Plugin icon.
We recommend that you provide these instructions to your end users to help them use this feature.
- While already signed in to Okta, access another Okta account that you have not trusted When an account is trusted, the Okta browser plugin will sign the end user in to the account and start showing the account's applications in the Your Apps list. yet.
- Click the blue Okta Plugin icon in the browser toolbar.
- If the Trust / Reject options appear in the Your Apps menu, do either of the following:
- Click Trust if you trust the account. The red banner disappears, all SWA apps on the dashboard become accessible, and the account is added to your account chooser list.
- Click Reject if you don't trust the account or if you don't want the plugin to take any action on the account. If you decide later that you want to trust the account, you can make the Trust option display by refreshing the page or signing-in to the account again.
Note: (Chrome, Edge, and Firefox browsers only) A red square on top of the blue Okta Plugin icon indicates that the Trust/Reject options are available.
A banner displays in the end-user dashboard prompting you to trust the account if you trust it. SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully. apps on the dashboard are inaccessible until you trust the account. (SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on a chiclet, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. apps (if any) are accessible on the dashboard whether or not you click Trust because they don't require the plugin.)
- Click the blue Okta Plugin icon in the browser toolbar. Don't see the icon?
- Click the Account Chooser icon. Screenshot
- Click the account in the list that you want to switch to.
- To remove an account from the account chooser, click the icon.
The active account is indicated by a blue ribbon on the side.