Tired of manually logging into internal tools protected by Okta SSO? okta-skill brings seamless authentication to your AI coding assistant workflow.
#
๐ฏ What is okta-skill?
okta-skill is an agent skill that automates Okta SSO authentication with Push MFA, then injects session cookies directly into your browser. No more context switching, no more manual login flows โ just tell your AI assistant where you want to go.
The Problem
When working with AI coding assistants on internal projects, you constantly need to:
- Open internal tools (admin panels, dashboards, staging environments)
- Get redirected to Okta login
- Enter credentials
- Approve Push MFA on your phone
- Get redirected back
- Lose your flow and context
This happens dozens of times per day across multiple environments (dev, QA, staging, prod).
The Solution
With okta-skill, just say: "Login to my-app QA"
The skill handles everything: authenticates via Okta API, completes Push MFA, injects the session cookie, and opens the target URL. You stay in flow.
#
๐ Zero-Config Setup
The first time you use it, just provide a URL:
"Help me login to https://my-app.qa.example.com/" The skill will:
Auto-detect Okta domain from the redirect URL #
Ask for username and password (only input needed) #
Auto-infer project and environment from the URL pattern #
Auto-discover MFA factor ID from your Okta account #
Complete the login (you just tap the Push notification)
Everything is saved to config.json
for future use. No manual configuration needed.
#
๐ฆ Installation
Using npx skills (Recommended)
Manual Installation
Prerequisites:
- Node.js 18+
agent-browser
(`npm install -g agent-browser`
)
#
๐จ Features
- Multi-Project Support
Configure multiple projects with multiple environments each:
Then use natural language:
- Session Caching
Valid Okta sessions are cached and reused. If your session is still valid, the skill skips re-authentication entirely โ just injects the cached cookie and opens the URL.
- Direct URL Login
Don't have a project configured yet? Use a direct URL:
The skill will authenticate and navigate there immediately.
- AI-Guided Configuration
Adding a new project is conversational:
"Add staging environment for admin-panel: https://admin.staging.example.com/" The skill reads your existing config, infers the project and environment names, adds the entry, and saves it back. No manual JSON editing.
#
๐ง How It Works
Technical Flow
POST /api/v1/authn with username/password โ receive stateToken
POST /api/v1/authn/factors/{factorId}/verify with stateToken
โ poll until user approves Push #
POST /api/v1/sessions with sessionToken
โ receive sessionId
agent-browser inject sid
cookie with sessionId
agent-browser open target URL โ user is authenticated
#
๐ Usage Examples
Basic Login
Setup Commands
Natural Language
The skill responds to natural trigger phrases:
-
"Login to QA"
-
"Authenticate to my-app dev"
-
"Open admin panel staging"
-
"Switch to prod environment"
-
"Help me login to https://..."
#
๐ Security
Credentials stored locally โ config.json
is git-ignored and should be chmod 600
Password filtered from output โ never appears in logs or terminal #
Session cache is ephemeral โ also git-ignored, expires with Okta's session lifetime #
No third-party services โ authenticates directly with your Okta domain
#
๐ Configuration Structure
username/password โ shared Okta credentials for all projects #
okta_domain โ your organization's Okta domain (auto-detected) #
push_factor_id โ your Push MFA factor ID (auto-discovered) #
projects โ named projects with environment-to-URL mappings
#
๐ฏ Use Cases
Perfect for:
- Developers working across multiple internal environments
- QA engineers testing in dev/staging/prod
- DevOps accessing admin panels and dashboards
- Anyone tired of repetitive Okta login flows
- Teams using AI coding assistants for internal projects
Especially useful when:
- You switch environments frequently (10+ times per day)
- Your Okta sessions expire quickly
- You work with multiple projects simultaneously
- You want to stay in flow with your AI assistant
#
๐ vs Manual Login
| Manual Login | okta-skill | | Steps | 5+ (open URL, enter credentials, approve MFA, wait for redirect) | 1 (tell AI assistant where to go) | | Context switching |
High (browser, phone, back to editor) |
Minimal (just approve Push) |
| Configuration | Remember URLs for each environment | Auto-detected and saved | | Session reuse |
Manual (hope it's still valid) |
Automatic (cached and checked) |
| Multi-project | Bookmark management | Structured config | | AI integration | None | Native โ just use natural language |
#
โ ๏ธ Limitations
Okta-specific โ only works with Okta SSO (not Auth0, Azure AD, etc.) #
Push MFA only โ currently supports Okta Verify Push (not SMS, TOTP, etc.) #
Requires agent-browser โ uses browser automation for cookie injection #
Local config โ not synced across machines (by design, for security)
#
๐ฎ Future Roadmap
- Support for other MFA methods (TOTP, SMS)
- Support for other SSO providers (Auth0, Azure AD, Google Workspace)
- Browser profile management (multiple Okta accounts)
- Session expiry notifications
- Integration with password managers
#
๐ฏ Version Info
Current Version: v1.0.0 #
Release Date: 2026-05-27
#
๐ก Tips for Best Results
Use descriptive project names โ they become your natural language commands #
Group related environments โ one project per application/service #
**Set **chmod 600 config.json
โ protect your credentials #
**Use **`--save`
for long sessions โ preserves browser state across skill invocations
Keep sessions fresh โ if you haven't used an environment in days, expect re-authentication
#
๐ค Contributing
okta-skill is part of the Agent Skills ecosystem. Contributions, feedback, and bug reports are welcome!
#
๐ Learn More
Ready to eliminate Okta login friction from your workflow? Try okta-skill today and stay in flow with your AI coding assistant!
Have you automated SSO login in your workflow? What other authentication patterns would you like to see automated? Share your thoughts in the comments below!