Okta Browser Plugin permissions - Chrome

Okta Browser Plugin requires the following permissions in Chrome:

Permission Why Okta Browser Plugin needs it

To open a new tab when the user:

cookies Because the plugin inherits the session ID and device token cookies from the end-user dashboard, which it uses to make its API calls for SWAAn acronym for Secure Web Authentication. SWA is a SSO system developed by Okta to provide single sign-on for apps that don't support proprietary federated sign-on methods or SAML. Users can enter their credentials for these apps on their homepage. These credentials are stored such that users can access their apps without entering their credentials each time. When users first sign-in to a SWA app from their homepage, they see a pop-up message asking if they were able to sign-in successfully.. This enables the server to verify the user and make sure the POST requests are coming from a valid plugin user

To inject the content script into https:// webpages on the internet.

It enables the plugin to:

management To access the chrome.management API.
storage To access the chrome.storage API.
unlimitedStorage To store HTML5 clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. -side data.

To hook into the request lifecycle to do various tasks.

webRequestBlocking To detect whether the plugin is installed on the user's computer.
webNavigation We use thi spermision to detect when a DOM is loaded. After the DOM is loaded we inject the content scripts into the web page. This is required for the autologin and SWA functionality to work correctly.