Okta Browser Plugin permissions: Chrome

Okta Browser Plugin requires the following permissions in Chrome:


Permission Why Okta Browser Plugin needs it


To open a new tab when the user:


Because the plugin inherits the session ID and device token cookies from the end-user dashboard, which it uses to make its API calls for SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully.. This enables the server to verify the user and make sure the POST requests are coming from a valid plugin user



To inject the content script into https:// web pages on the internet.

It enables the plugin to:


To access the chrome.management API.


To access the chrome.storage API.


To store HTML5 clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. -side data.


To hook into the request lifecycle to do various tasks.


To detect whether the plugin is installed on the user's computer.


We use this permission to detect when a DOM is loaded. After the DOM is loaded we inject the content scripts into the web page. This is required for the auto-login and SWA functionality to work correctly.