ThomasK.59163 (Customer) asked a question.
When a user signs out of Okta, they are prompted for credentials the next time they load the Okta Dashboard.
Then, the Okta Browser Plugin loads successfully.
If the user then just closes their browser (does not click Username-> Sign Out), when they re-open their browser, the Okta Dashboard Page loads, but the Okta Browser Plugin does not load and shows a pop-up to install it. If the user reloads (hits refresh on the browser) the Okta Dashboard page in the browser, the pop-up message does not re-appear and the user can click on an SWA tile and provide credentials to log into it.
We would like the Okta Dashboard to prompt the user for credentials at every login so that the browser plugin loads silently with it. We currently do not allow Persistent Cookies per our Global Session Policy, but for some reason, there seems to be some cookie persisting when the user just closes their Chrome browser. Any help or insight is appreciated. We are on OIE.
Hello @ThomasK.59163 (Customer) Thank you for reacting out to our Community!
I have attached below a few documents, in which what cookies are required for a good functionality for your Org. I would recommend using these to block the necessary cookies so that when users close their browsers the session is terminated as well.
https://developer.okta.com/docs/guides/session-cookie/main/
https://support.okta.com/help/s/article/FAQ-How-Blocking-Third-Party-Cookies-Can-Potentially-Impact-Your-Okta-Environment?language=en_US
https://help.okta.com/en-us/content/topics/security/okta-allow-cookies.htm
Community members help others by clicking Like or Select as Best on responses. Try it today.
Earn Today: New Okta Community Badges Have Arrived
Ask the experts about Okta Privileged Access
Once they close the browser and re-open, the Okta Dashboard (with all tiles visible) just appears without any prompting. The more curious thing is, if a user clicks on a tile, THEN the prompt for creds appears. So it’s as if the home page is loading but the session truly was terminated.
TK
Hello @ThomasK.59163 (Customer) That is an odd behaviour, I would recommend to open a case with Support for additional investigation.
If allowing a session-only cookie works, that saves me from having to block the cookie outright.
Thanks,
TK
Interested to see if adding in the 3rd party cookie for our Okta page works as well. We are experiencing the exact same issue at the company I work for and it is really annoying.
https://admx.help/?Category=Chrome&Policy=Google.Policies.Chrome::CookiesSessionOnlyForUrls
Once enabled, we added our Okta URL to the list and pushed the GPO out to a few test users and so far it's working.
This is really kinda dumb though... I would think by disabling cookie persistence through the Global Session Policy, it "should" include the cookie for the Okta URL too.
It's counterintuitive to how an end user's login workflow operates.
TK
Appreciate it! We just started having this happen like a month ago or so and it's been quite annoying for staff. I let our help desk team know to give that a shot and will most likely add in the GPO after a few test cases.