Okta Browser Plugin: Plugin permissions for Chrome extensions
The Okta Browser Plugin requires several permissions to work properly with Google Chrome-based browser extensions.
This permission opens a new tab in the following scenarios.
|When the plugin inherits the session ID and device token cookies from the Okta End-User Dashboard. The plugin uses these to make API calls for SWA applications. This setting permits the server to verify the user and ensure that POST requests are coming from a valid plugin user.
To inject the content script into secure web pages on the internet.
It enables the plugin to do the following things:
|To access the chrome.management API.
|To prevent browser extensions from prompting to save application passwords during single sign-on (SSO) operations. This is an optional permission that Okta end users can opt into if they choose, as the Okta extension manages these particular passwords.
To access the chrome.management setting. Okta stores and accesses third-party app metadata in this location. This includes app login links, app logo links, and other info that identifies the app. Okta caches the data in the extension's local storage to minimize server-side API calls for that metadata information.
|To provide an unlimited quota for storing client-side Okta third-party app data. This rarely exceeds 5 MB of local storage.
To hook into the request lifecycle to perform any tasks required for SSO and to identify the extension to the Okta End-User Dashboard.
|To detect if the user's system has the plugin installed.
|To detect when the browser loads the Document Object Model (DOM). After the DOM is loaded, Okta injects the content scripts into the web page. Okta requires this permission for the automatic sign-in and SWA functionality to work correctly.