<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
SWA Application Inaccessible from Okta Browser Plugin
Apr 11, 2025
Administration
Okta Classic Engine
Okta Identity Engine
Overview

After adding a Secure Web Authentication (SWA) Application, either from the Okta Integration Network (OIN) Catalog or as a Custom app, and assigning the Application to a user, the user may experience an issue when trying to access the app through the Okta Browser Plugin. The app may appear to be loading but never fully loads.

 

Template frame

 

This article addresses the root cause and provides the solution when an app is inaccessible from the Okta Browser Plugin after the user is assigned a SWA application.

Applies To
  • Secure Web Authentication (SWA)
  • Applications
  • Okta Browser Plugin
Cause

The Okta Browser Plugin Authentication uses the same login session as when the Okta Dashboard is accessed. For the Plugin to behave identically to the Okta End User Dashboard, the Authentication Policy (in OIE) or Application Sign On Policy (in Classic) should also be identical. If these policies differ, the Plugin may not be able to use the existing session to authenticate the user to the application.

 

This can be confirmed by enabling the Okta Browser Plugin console debug/trace and observing the following error message:

 

AuthClient::getTokenWithoutPrompt: failed to obtain auth token, error = Error: login_required: The client specified not to prompt, but the user is not logged in.

 

The error indicates the plugin could not automatically retrieve the SWA login information because it could not rely on the current Dashboard session - the policy security requirements differ.

Solution

To resolve this issue, the Authentication Policies (OIE) or App Sign-On Policies (Classic) must be the identical and require the same level of security for both the Okta Browser Plugin and the Okta Dashboard. Follow these steps to review and compare these policies:

 

Okta Identity Engine (OIE)

  1. Navigate to Admin > Security > Authentication Policies.
  2. Search for the Okta Browser Plugin and review the applicable Authentication policy and rules.
  3. Search for Okta Dashboard and review the applicable Authentication policy and rules.
  4. After comparing the Authentication Policies for both applications, align both policies so that they match and adhere to the Org's established security posture.

 

Okta Classic (Classic)

  1. Navigate to Admin > Applications > Applications.
  2. Search for Okta Browser Plugin, and review the Sign On Policy and its applicable rules.
  3. Search for Okta Dashboard, and review the Sign On Policy and its applicable rules.
  4. After comparing the Sign On Policies for both applications, align both policies so that they match and adhere to the Org's established security posture.

Related References

Recommended content

Still looking for help?
Loading
SWA Application Inaccessible from Okta Browser Plugin