Okta Browser Plugin Permissions for Web Extensions
Okta Browser Plugin requires the following permissions in Chrome:
|Permission||Why Okta Browser Plugin needs it|
To open a new tab when the user:
|cookies||Because the plugin inherits the session ID and device token cookies from the End-User Dashboard that it uses to make its API calls for SWA. This enables the server to verify the user and ensure that the POST requests are coming from a valid plugin user.|
To inject the content script into https:// web pages on the internet.
It enables the plugin to:
|management||To access the chrome.management API.|
|privacy||To prevent browser extension prompts to save the passwords of their apps defined in Okta during single sign-on. Given that theOkta extension manages these passwords, this is an optional permission that Okta end-users can opt into.|
To access the chrome.managementAPI, to store and access Okta a third-party app metadata that identifies the app. This data is cached in extension local storage to minimize server-side API calls for that metadata information.
|unlimitedStorage||To provide an unlimited quota for storing client-side Okta third-party app data, which has the potential to rarely exceed 5 MB of local storage.|
To hook into the request lifecycle to do various tasks required for single sign-on and identifying the extension to the End-User Dashboard.
|webRequestBlocking||To detect whether the plugin is installed on the user's computer.|
|webNavigation||To detect when a DOM is loaded. After the DOM is loaded, Okta Browser Plugin injects the content scripts into the web page. This is required for the auto-login and SWA functionality to work correctly.|