Okta Browser Plugin permissions: Chrome

Okta Browser Plugin requires the following permissions in Chrome:

 

Permission Why Okta Browser Plugin needs it

tabs

To open a new tab when the user:

cookies

Because the plugin inherits the session ID and device token cookies from the end-user dashboard, which it uses to make its API calls for SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully.. This enables the server to verify the user and make sure the POST requests are coming from a valid plugin user

https://*/

http://*/

To inject the content script into https:// web pages on the internet.

It enables the plugin to:

management

To access the chrome.management API.

storage

To access the chrome.storage API.

unlimitedStorage

To store HTML5 clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. -side data.

webRequest

To hook into the request lifecycle to do various tasks.

webRequestBlocking

To detect whether the plugin is installed on the user's computer.

webNavigation

We use this permission to detect when a DOM is loaded. After the DOM is loaded we inject the content scripts into the web page. This is required for the auto-login and SWA functionality to work correctly.

 

 

Top