# Introducing okta-skill: Zero-Config Okta SSO Auto-Login for AI Coding Assistants > Source: > Published: 2026-05-27 16:04:01+00:00 Tired of manually logging into internal tools protected by Okta SSO? **okta-skill** brings seamless authentication to your AI coding assistant workflow. ## 🎯 What is okta-skill? okta-skill is an agent skill that automates Okta SSO authentication with Push MFA, then injects session cookies directly into your browser. No more context switching, no more manual login flows — just tell your AI assistant where you want to go. ### The Problem When working with AI coding assistants on internal projects, you constantly need to: - Open internal tools (admin panels, dashboards, staging environments) - Get redirected to Okta login - Enter credentials - Approve Push MFA on your phone - Get redirected back - Lose your flow and context This happens dozens of times per day across multiple environments (dev, QA, staging, prod). ### The Solution With okta-skill, just say: "Login to my-app QA" The skill handles everything: authenticates via Okta API, completes Push MFA, injects the session cookie, and opens the target URL. You stay in flow. ## 🚀 Zero-Config Setup The first time you use it, just provide a URL: "Help me login to [https://my-app.qa.example.com/](https://my-app.qa.example.com/)" The skill will: - **Auto-detect Okta domain** from the redirect URL - **Ask for username and password** (only input needed) - **Auto-infer project and environment** from the URL pattern - **Auto-discover MFA factor ID** from your Okta account - **Complete the login** (you just tap the Push notification) Everything is saved to `config.json` for future use. No manual configuration needed. ## 📦 Installation ### Using npx skills (Recommended) ### Manual Installation **Prerequisites**: - Node.js 18+ - `agent-browser` (`npm install -g agent-browser` ) ## 🎨 Features ### 1. Multi-Project Support Configure multiple projects with multiple environments each: Then use natural language: ### 2. Session Caching Valid Okta sessions are cached and reused. If your session is still valid, the skill skips re-authentication entirely — just injects the cached cookie and opens the URL. ### 3. Direct URL Login Don't have a project configured yet? Use a direct URL: The skill will authenticate and navigate there immediately. ### 4. AI-Guided Configuration Adding a new project is conversational: "Add staging environment for admin-panel: [https://admin.staging.example.com/](https://admin.staging.example.com/)" The skill reads your existing config, infers the project and environment names, adds the entry, and saves it back. No manual JSON editing. ## 🔧 How It Works ### Technical Flow - **POST /api/v1/authn** with username/password → receive `stateToken` - **POST /api/v1/authn/factors/{factorId}/verify** with `stateToken` → poll until user approves Push - **POST /api/v1/sessions** with `sessionToken` → receive `sessionId` - **agent-browser inject** `sid` cookie with `sessionId` - **agent-browser open** target URL → user is authenticated ## 📋 Usage Examples ### Basic Login ### Setup Commands ### Natural Language The skill responds to natural trigger phrases: - "Login to QA" - "Authenticate to my-app dev" - "Open admin panel staging" - "Switch to prod environment" - "Help me login to https://..." ## 🔒 Security - **Credentials stored locally** — `config.json` is git-ignored and should be `chmod 600` - **Password filtered from output** — never appears in logs or terminal - **Session cache is ephemeral** — also git-ignored, expires with Okta's session lifetime - **No third-party services** — authenticates directly with your Okta domain ## 📁 Configuration Structure - **username/password** — shared Okta credentials for all projects - **okta_domain** — your organization's Okta domain (auto-detected) - **push_factor_id** — your Push MFA factor ID (auto-discovered) - **projects** — named projects with environment-to-URL mappings ## 🎯 Use Cases **Perfect for:** - Developers working across multiple internal environments - QA engineers testing in dev/staging/prod - DevOps accessing admin panels and dashboards - Anyone tired of repetitive Okta login flows - Teams using AI coding assistants for internal projects **Especially useful when:** - You switch environments frequently (10+ times per day) - Your Okta sessions expire quickly - You work with multiple projects simultaneously - You want to stay in flow with your AI assistant ## 🆚 vs Manual Login | Manual Login | okta-skill | | Steps | 5+ (open URL, enter credentials, approve MFA, wait for redirect) | 1 (tell AI assistant where to go) | | Context switching | High (browser, phone, back to editor) | Minimal (just approve Push) | | Configuration | Remember URLs for each environment | Auto-detected and saved | | Session reuse | Manual (hope it's still valid) | Automatic (cached and checked) | | Multi-project | Bookmark management | Structured config | | AI integration | None | Native — just use natural language | ## ⚠️ Limitations - **Okta-specific** — only works with Okta SSO (not Auth0, Azure AD, etc.) - **Push MFA only** — currently supports Okta Verify Push (not SMS, TOTP, etc.) - **Requires agent-browser** — uses browser automation for cookie injection - **Local config** — not synced across machines (by design, for security) ## 🔮 Future Roadmap - Support for other MFA methods (TOTP, SMS) - Support for other SSO providers (Auth0, Azure AD, Google Workspace) - Browser profile management (multiple Okta accounts) - Session expiry notifications - Integration with password managers ## 🎯 Version Info - **Current Version**: v1.0.0 - **Release Date**: 2026-05-27 ## 💡 Tips for Best Results - **Use descriptive project names** — they become your natural language commands - **Group related environments** — one project per application/service - **Set **`chmod 600 config.json` — protect your credentials - **Use **`--save` for long sessions — preserves browser state across skill invocations - **Keep sessions fresh** — if you haven't used an environment in days, expect re-authentication ## 🤝 Contributing okta-skill is part of the Agent Skills ecosystem. Contributions, feedback, and bug reports are welcome! ## 📚 Learn More **Ready to eliminate Okta login friction from your workflow?** Try okta-skill today and stay in flow with your AI coding assistant! *Have you automated SSO login in your workflow? What other authentication patterns would you like to see automated? Share your thoughts in the comments below!*