Silently install the Okta browser plugin using policy settings Skip to main content
https://support.okta.com/help/oktaarticledetailpage?childcateg=&id=ka02a0000005u8wsaq&source=documentation&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fdocumentation%2fknowledge_article%2fsilently-install-the-okta-browser-plugin-using-policy-settings-1980314228
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Average Rating:
Silently install the Okta browser plugin using policy settings
Published: Sep 14, 2017   -   Updated: May 15, 2018

okta-doc-source

Silently install the Okta browser plugin using policy settings

If you are working in a managed IT environment and remotely installing the browser plugin to managed computers, you can install the plugin silently using policy settings. During silent installation, no dialog boxes appear that require user interaction and users cannot change the installation settings. See the procedure below appropriate for your browser.

Note: Currently, Microsoft Edge and Safari browsers do not support silent installation of extensions such as the Okta browser plugin.

Internet Explorer

Installation options

You have several installation options when installing the Okta browser plugin 5.x for IE. The following chart may help you choose the best options for your environment.

Installation optionsRequires end user interaction?Choose add-ons button appears?Number of browser restarts
Classic installationYesYes2
Classic with whitelistingYesNo1
Silent mode without whitelisting

No

Yes2
Silent mode with whitelistingNoNo1

This procedure has two parts:

Part Ⓐ – Enable Silent Mode
  1. From the Admin dashboard, go to Settings > Downloads and download the .msi or .exe version of the plugin for Internet Explorer.
  2. To run the installer in silent mode on Internet Explorer (IE), use the following command line parameters,
    • okta.swa.ie-x.x.x.exe /q
    • okta.swa.ie-x.x.x.msi /q

    ...where x.x.x is the version number of the installer.

    If you are installing the plugin in silent mode on Internet Explorer 10 or later, you must whitelist your installations so that user interaction is not required.

    If you run either installer as a local administrator in the user space, then the next time end users open the browser, they are prompted to enable add-ons. After installation, a browser launches and the user is prompted to click Choose add-ons.

    If you do not run the installer as a local administrator in the user space and the user has Internet Explorer open, the installer fails to close the browser and the installation fails.

  1. Use the following batch file to force all running instances of Internet Explorer on the machine to close and then run the silent installation of the browser plugin:
  2. c:\windows\system32\Taskkill /IM iexplore.exe /F

    c:\windows\system32\msiexec.exe /i %LMI_PACKAGEROOT%\okta.swa.ie-x.x.x.msi /q

    echo %ERRORLEVEL%

    This can be especially helpful if you are using LogMeIn without administrator rights to install the plugin. If you attempt to use the commands natively instead of using the batch file, the Taskkill returns a 123 and causes LogMeIn to abort.

  3. Configure whitelisting as described in Part B.

Note: If you're installing in silent mode on Windows 7, users are prompted to restart their browsers.

Part Ⓑ – Configure whitelisting

Configure whitelisting to suppress the appearance of the Choose add-ons button during the plugin installation so that end users cannot interfere with the installation.

For a Windows OS, Internet Explorer uses a CLSID (class identifier) to set the whitelisting policy. To set this policy on your system, do the following:

  1. Close IE if it is running.
  2. Open the Local Group Policy Editor.
  3. Go to Start, type gpedit.msc in the search field, and then click Edit Group Policy.
  4. Navigate to the appropriate path for your version of IE:
  5. IE 10

    User Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management > Add-on List

    IE 11

    Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management > Add-on List

  1. Double-click Add-on List.
  2. plugin1

  3. Click Show... under Options.
  4. In the Show Contents window, add the following Class IDs under Value Name (including the brackets):

    OktaBHO Class is Class ID:

    {E411779C-5CFE-413F-A57B-18C55A4EFADA}

    OktaIeHelper Class is Class ID:

    {302700E7-59EF-49EC-9439-EA590552D1ED}

    Note: Add OktaIeHelper Class ID only if you are running Okta plugin version 5.3.2 or earlier.

    Okta Toolbar Extension is Class ID:

    {8C938A58-9A96-4A95-929D-C8C28C639C32}

    The BHO (browser helper object) is an IE plugin module that provides added functionality to the browser. OktaBHO is a custom BHO from Okta. OktaIeHelper and Okta Toolbar Extension are other types of BHO, and are also customized by Okta.

  1. In the Value column, enter 1.
  2. plugin2

  3. Deploy this policy to your target machines.

Now users are not prompted to enable or disable the plugin installation process during silent installation.

Chrome
  1. Install the Chrome GPO template:
    1. Download the zip file:

      https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

    2. Unpack the zip file to a directory (for example, C:\ChromePolicy).
  2. Configure a Group Policy:
    1. Launch the Group Policy Management Console.

      Note: If you are creating a new policy, perform step (b); if you have an existing policy to which you want to add the Chrome Plugin installation, skip ahead to step (c).

    2. Right-click the OU that contains the systems to which you want to apply the policy, click Create a GPO in this domain, and Link it here, and then name the policy accordingly (for example, Okta Chrome Plugin Installation).
    3. Right-click the policy and click Edit.
    4. Expand Local Computer Policy / Computer Configuration / Administrative Templates.
    5. Right-click Administrative Templates and select Add/Remove Templates.
    6. Click Add and navigate to:

      C:\<Directory specified in step 1 above>\policy_templates\windows\adm\en-US

    7. Choose chrome.adm.

      Google / Google Chrome folders appear under Administrative Templates or Classic Administrative Templates (depending on your version of Windows):

      GPO_GoogleFolder

    8. Expand Local Computer Policy / Computer Configuration / Administrative Templates / Classic Administrative Templates (ADM) / Google / Google Chrome / Extensions.
    9. In the right pane, right-click Configure the list of force-installed apps and extensions and then click Edit.
    10. Click Enabled.
    11. Click Show.
    12. Enter the following in the value field, and then click OK:

      glnpjglilkicbckjpbgcfkogebgllemb;https://clients2.google.com/service/update2/crx
    13. Click OK, and then click OK again to close the policy configuration window.
    14. In the Group Policy Management console, right-click the newly-created policy and ensure that Link Enabled and Enforced are both selected.
  3. Test the policy:
    1. On a computer that is joined to the domain and belongs to the OU to which the GPO applies, launch a command prompt.
    2. Enter gpupdate /force
    3. Enter gpresult /r and verify that the created policy is listed as an Applied Group Policy Object under Computer Settings.
      • If this does not appear, try running the above command again in 5 -10 minutes to rule out group policy replication delays across domain controllers.
      • If it still does not appear within 5 -10 minutes, review the previous steps to ensure that the policy is being applied and enforced and that the computer belongs to the OU to which the policy is applied.
    4. Launch Chrome and enter chrome://extensions in the address bar.

      The Okta Secure Web Authentication Plug-in appears.

For more information, see the Google article Install Chrome extensions via group policy or master_preferences

Firefox
  1. From the Admin dashboard, go to Settings > Downloads and download the plugin for Firefox.
  2. Rename the file to plugin@okta.com.xpi.

    Important: You must rename the file. Mozilla's digital signature check will fail if the file is not named plugin@okta.com.xpi.

  3. Move plugin@okta.com.xpi to the Firefox extensions directory:

    Note: You might need to create some of the following directories.

    PlatformExample Location
    Windows

    C:\Program Files\Mozilla Firefox\browser\extensions\plugin@okta.com.xpi

    Mac OSX/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/plugin@okta.com.xpi
    Linux

    /usr/lib/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/plugin@okta.com.xpi

  4. Set up configuration files that cause Firefox to enable the Okta plugin by default.

    Important: If you do not set up these configuration files, the Okta plugin will be disabled by default. The next time users log in, a splash screen will display asking whether to enable the plugin.

  5. Create a text file called okta-mozilla.cfg with the following contents:

    // Don't skip this comment. If the first line is not a comment, the file will not load.

    lockPref("extensions.autoDisableScopes", 0); // Don't show the 'enable plugin' splash screen.

  6. Save okta-mozilla.cfg to the Firefox install directory.

    PlatformExample Location
    WindowsC:\Program Files\Mozilla Firefox\okta-mozilla.cfg
    Mac OSX/Applications/Firefox.app/Contents/Resources/okta-mozilla.cfg
    Linux

    /usr/lib/firefox/okta-mozilla.cfg

  7. Create a text file called okta-prefs.js with the following contents:

    // Don't skip this comment. If the first line is not a comment, the file will not load.

    pref("general.config.obscure_value", 0); // Don't use ROT13 encoding for the config file.

    pref("general.config.filename", "okta-mozilla.cfg"); // Tell Firefox to load the okta-mozilla config file.

  8. Save okta-prefs.js to the /defaults/pref subdirectory of the Firefox install directory:

    PlatformExample Location
    WindowsC:\Program Files\Mozilla Firefox\defaults\pref\okta-prefs.js
    Mac OSX/Applications/Firefox.app/Contents/Resources/defaults/pref/okta-prefs.js
    Linux/usr/lib/firefox/defaults/pref/okta-prefs.js
  9. Open Firefox.

    The Okta aura should appear in the upper right side of the toolbar.

    silentinstall1

For more information on Firefox extensions, see https://developer.mozilla.org/en-US/docs/Installing_extensions.

Post a Comment