A Secure Web Authentication (SWA) application fails to auto-populate credentials due to browser cache conflicts, mismatched authentication policies, or dynamic login pages. Resolution involves clearing the browser cache, aligning authentication policies, or adjusting the application configuration for dynamic pages. The observable symptom is that a new or existing SWA application does not autofill the user's credentials.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Secure Web Authentication (SWA)
- Template App Plugin
This issue occurs due to browser cache conflicts, an outdated Okta browser plugin, mismatched authentication policies, or dynamic login pages that prevent the plugin from selecting fields and auto-populating credentials.
How are basic browser and Okta plugin issues resolved?
Clear the browser cache, reinstall the Okta browser plugin, and verify the custom application configuration by following these steps.
- Clear the cache and cookies from the browser.
- Reinstall the Okta browser plugin.
- Verify the configuration, including the URL and the Cascading Style Sheets (CSS) selectors, if the application is a custom SWA application.
- Access the SWA application again.
Verify the Authentication Policies
Check the tenant for conflicting authentication policies and modify them to align if both of the following conditions exist.
- An authentication policy allows the Template Plugin App to authenticate with only one-factor authentication (1FA).
- An authentication policy requires multi-factor authentication (MFA) for the Okta browser plugin.
How are dynamic login pages handled?
If the login flow still fails, the application might use a dynamic login page. A dynamic login page generates content in real time and prevents the Okta browser plugin from selecting fields and auto-populating credentials. The Okta browser plugin prompts for saving credentials on static sites that support SWA. If the website URL is unique every time it is clicked, it is a dynamic webpage.
Configure the Template Plugin App to use only the domain name in the redirect field to bypass dynamic deep links.
- Enter the domain name of the redirect link (e.g.,
[https://login.<domain.com>](https://login.exampledomain.com/))in the Redirect field of the Template Plugin App.
NOTE: The dynamic deep links of the redirect URL always match the domain name part.
Implement Alternative Workarounds for Dynamic Pages
Implement one of the following alternative workarounds if the domain name configuration does not resolve the issue.
- If the login form uses an iframe HTML element, configure the application using Setting up a SWA App Using a Template Frame Plugin App.
- If the website uses dynamic selectors, configure the application using How to Set Up any Template SWA Plugin App that uses Dynamic Selectors.
