Okta Classic Engine | Authentication | Answered | 2025-08-06T09:00:28.000Z | 2024-06-30T08:29:46.000Z | 2024-07-02T14:35:48.000Z

97hgk (97hgk) asked a question.

Using conditional access with Okta to enable access for Salesforce to enforce access only from Chrome or Edge

Hello,

 

I have successfully integrated my Okta instance with my Salesforce instance via SSO. I can log in successfully via SP and IdP initiated logins. I am now trying to use conditional access with Okta to enable access for Salesforce to enforce access only from Chrome or Edge.

 

I'm guessing the closest I've gotten to achieving this is by creating an Authentication Policy under: Security => Authentication Policies => Policy Name "Any two factors" Applies to "Salesforce" => Rules => Add rule => AND The following custom expression is true => ?????

 

There is a link to "Expression language reference" and I'm guessing that I should be able to use some syntax that checks what browser agent I'm using and then proceed with authentication or not for Chrome or Edge?

 

Am I going down the right path? If so, does someone have the proper syntax? I can find syntax relating to users, devices, etc. but not browsers or applications.

 

Or is there a better way to achieve this?

 

Thank you,

Shoji


  • Hi @97hgk (97hgk), Thank you for reaching out to the Okta Community!

     

    I don't currently have the means to test it out myself, but you might be able to set up an Okta Expression Language syntax similar to what is mentioned here, using the browser instead.

     

    request.userAgent.browser == "CHROMIUM_EDGE" || request.userAgent.browser == "CHROME"

     

    I extrapolated the data from what I'm seeing being registered in the Okta system logs.

    When my user signed in, it generated an event, and by filtering it seems to be referring to the browser property as client.userAgent.browser eq "CHROME".

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    Selected as Best
    • 97hgk (97hgk)

      That did it! You're a genius Mihai! Thank you! I created an additional Authentication Policy Rule and set it to Priority 1. I used this in the "The following custom expression is true" field:

       

      request.userAgent == "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"

       

      The "request.userAgent == " part was the part that I could not figure out. I gathered my Chrome browser information from Developer Tools. And set this policy to:

       

      THEN => Access is => Allowed after successful authentication

       

      I then configured the default "Catch-all Rule" to Priority 2 and:

       

      IF => Any request

      THEN => Access:Denied

       

      And it worked perfectly! Chrome was allowed to authenticate via Okta to Salesforce via Chrome but was denied when trying to authenticate with Firefox.

       

      Thank you!

      Shoji

This question is closed.
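
An added example, not from the thread or from Okta: a dry run of the two rules posted above (the browser-family expression and the exact `request.userAgent` string) over System Log-shaped events, listing which users would fall through to the Priority 2 deny rule under each. The events are constructed, the `FIREFOX` value is assumed, and it is an assumption that the log field `client.userAgent.rawUserAgent` is the string `request.userAgent` compares against.

```python
"""Dry-run two browser rules over Okta System Log-shaped events (constructed)."""
from collections import defaultdict

_BASE = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
         "(KHTML, like Gecko) ")
# Exact string from the reply's rule: request.userAgent == "..."
PINNED_UA = _BASE + "Chrome/126.0.0.0 Safari/537.36"
# Values from the answer's rule: request.userAgent.browser == "..."
ALLOWED_BROWSERS = {"CHROME", "CHROMIUM_EDGE"}

def _event(user, browser=None, raw=None):
    """Build one constructed event; no browser means no userAgent was logged."""
    ua = {"browser": browser, "rawUserAgent": raw} if browser else None
    return {"actor": {"alternateId": user}, "client": {"userAgent": ua}}

EVENTS = [  # constructed sample data, not real log output
    _event("ana@example.com", "CHROME", PINNED_UA),
    _event("bo@example.com", "CHROME", _BASE + "Chrome/127.0.0.0 Safari/537.36"),
    _event("cy@example.com", "CHROMIUM_EDGE",
           _BASE + "Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0"),
    _event("di@example.com", "FIREFOX",  # enum value assumed
           "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) "
           "Gecko/20100101 Firefox/127.0"),
    _event("ed@example.com"),  # client with no parsed user agent
]

def _ua(event):
    return (event.get("client") or {}).get("userAgent") or {}

def allowed_by_family(event):
    return _ua(event).get("browser") in ALLOWED_BROWSERS

def allowed_by_pinned_ua(event):
    return _ua(event).get("rawUserAgent") == PINNED_UA

def lockout_report(events):
    """Map each rule to the sorted users who would fall to the deny rule."""
    rules = {"family": allowed_by_family, "pinned_ua": allowed_by_pinned_ua}
    denied = defaultdict(set)
    for ev in events:
        user = (ev.get("actor") or {}).get("alternateId", "<unknown>")
        for name, rule in rules.items():
            if not rule(ev):
                denied[name].add(user)
    return {name: sorted(denied[name]) for name in rules}

if __name__ == "__main__":
    for rule, users in lockout_report(EVENTS).items():
        print(f"{rule}: would deny {users}")
```

Against real data, `EVENTS` would be replaced by a System Log export for the Salesforce app, reviewed before the deny rule is enabled.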