Conan

Introducing okta-skill: Zero-Config Okta SSO Auto-Login for AI Coding Assistants

Tired of manually logging into internal tools protected by Okta SSO? okta-skill brings seamless authentication to your AI coding assistant workflow.

🎯 What is okta-skill?

okta-skill is an agent skill that automates Okta SSO authentication with Push MFA, then injects session cookies directly into your browser. No more context switching, no more manual login flows — just tell your AI assistant where you want to go.

The Problem

When working with AI coding assistants on internal projects, you constantly need to:

  1. Open internal tools (admin panels, dashboards, staging environments)
  2. Get redirected to Okta login
  3. Enter credentials
  4. Approve Push MFA on your phone
  5. Get redirected back
  6. Lose your flow and context

This happens dozens of times per day across multiple environments (dev, QA, staging, prod).

The Solution

With okta-skill, just say:

"Login to my-app QA"

The skill handles everything: authenticates via Okta API, completes Push MFA, injects the session cookie, and opens the target URL. You stay in flow.

🚀 Zero-Config Setup

The first time you use it, just provide a URL:

"Help me login to https://my-app.qa.example.com/"

The skill will:

  1. Auto-detect Okta domain from the redirect URL
  2. Ask for username and password (only input needed)
  3. Auto-infer project and environment from the URL pattern
  4. Auto-discover MFA factor ID from your Okta account
  5. Complete the login (you just tap the Push notification)

Everything is saved to config.json for future use. No manual configuration needed.

📦 Installation

Using npx skills (Recommended)

npx skills add conanttu/skills/okta-skill -g -y

Manual Installation

git clone https://github.com/conanttu/skills.git
cd skills
ln -s "$(pwd)/okta-skill" ~/.claude/skills/okta-skill

Prerequisites:

  • Node.js 18+
  • agent-browser (npm install -g agent-browser)

🎨 Features

1. Multi-Project Support

Configure multiple projects with multiple environments each:

{
  "projects": {
    "admin-panel": {
      "dev": "https://admin.dev.example.com/login",
      "qa": "https://admin.qa.example.com/login",
      "prod": "https://admin.example.com/login"
    },
    "analytics": {
      "qa": "https://analytics.qa.example.com/login",
      "prod": "https://analytics.example.com/login"
    }
  }
}

Then use natural language:

/okta --project admin-panel --env qa
/okta --project analytics --env prod

2. Session Caching

Valid Okta sessions are cached and reused. If your session is still valid, the skill skips re-authentication entirely — just injects the cached cookie and opens the URL.

3. Direct URL Login

Don't have a project configured yet? Use a direct URL:

/okta --url https://new-tool.example.com/login

The skill will authenticate and navigate there immediately.

4. AI-Guided Configuration

Adding a new project is conversational:

"Add staging environment for admin-panel: https://admin.staging.example.com/"

The skill reads your existing config, infers the project and environment names, adds the entry, and saves it back. No manual JSON editing.

🔧 How It Works

User: "Login to my-app QA"
    ↓
Skill checks session cache
    ↓
[If expired] Authenticate via Okta API
    ↓
Send Push MFA notification
    ↓
User taps phone → MFA approved
    ↓
Receive Okta sessionId
    ↓
Inject session cookie via agent-browser
    ↓
Navigate to target URL
    ↓
Done — user is logged in

Technical Flow

  1. POST /api/v1/authn with username/password → receive stateToken
  2. POST /api/v1/authn/factors/{factorId}/verify with stateToken → poll until user approves Push
  3. POST /api/v1/sessions with sessionToken → receive sessionId
  4. agent-browser inject sid cookie with sessionId
  5. agent-browser open target URL → user is authenticated
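
The push-polling step is where this flow can hang or misbehave, so here is an added example (not okta-skill's source) of steps 1 to 3 with a bounded poll and explicit handling of a denied or timed-out push. The `post` transport is scripted with constructed replies, and the reply fields `status`, `factorResult` and `id` are assumptions of this example.

```javascript
// Added example, not okta-skill source. Reply fields (status, factorResult,
// sessionToken, id) are assumptions; the transport is scripted, no network.

// Decide what to do after one reply from the factor-verify endpoint.
function nextAction(reply, elapsedMs, timeoutMs) {
  if (reply.status === 'SUCCESS' && reply.sessionToken) {
    return { action: 'create-session', sessionToken: reply.sessionToken };
  }
  // A denied push is final: never re-send it automatically.
  if (reply.factorResult === 'REJECTED') return { action: 'abort', reason: 'push-rejected' };
  if (reply.factorResult === 'TIMEOUT' || elapsedMs >= timeoutMs) {
    return { action: 'abort', reason: 'push-timeout' };
  }
  if (reply.factorResult === 'WAITING') return { action: 'poll' };
  return { action: 'abort', reason: 'unexpected-reply' };
}

// Run steps 1-3 of the flow. Time is simulated: each poll advances the clock
// by intervalMs instead of sleeping, so the example finishes instantly.
function runFlow(post, creds, { factorId, timeoutMs = 120000, intervalMs = 3000 }) {
  const authn = post('/api/v1/authn', creds);
  if (!authn.stateToken) return { ok: false, reason: 'no-state-token' };
  const verify = `/api/v1/authn/factors/${encodeURIComponent(factorId)}/verify`;
  for (let elapsed = 0; ; elapsed += intervalMs) {
    const step = nextAction(post(verify, { stateToken: authn.stateToken }), elapsed, timeoutMs);
    if (step.action === 'abort') return { ok: false, reason: step.reason };
    if (step.action === 'create-session') {
      const session = post('/api/v1/sessions', { sessionToken: step.sessionToken });
      return session.id ? { ok: true, sessionId: session.id } : { ok: false, reason: 'no-session-id' };
    }
  }
}

// Constructed transport: replays a fixed list of verify replies.
function scriptedPost(verifyReplies) {
  let i = 0;
  return (path) => {
    if (path === '/api/v1/authn') return { status: 'MFA_REQUIRED', stateToken: 'st-constructed' };
    if (path === '/api/v1/sessions') return { id: 'sid-constructed' };
    return verifyReplies[Math.min(i++, verifyReplies.length - 1)];
  };
}

const waiting = { status: 'MFA_CHALLENGE', factorResult: 'WAITING' };
const approved = { status: 'SUCCESS', sessionToken: 'tok-constructed' };
console.log(runFlow(scriptedPost([waiting, waiting, approved]),
  { username: 'user@example.com', password: 'constructed' }, { factorId: 'opfXXXXXXXXXXXXXX' }));
```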

📋 Usage Examples

Basic Login

# Login to specific project + environment
/okta --project my-app --env qa

# Direct URL
/okta --url https://app.example.com/login

# Save browser session for later
/okta --project my-app --env qa --save

Setup Commands

# List available MFA factors
/okta --list-factors

# Adjust Push MFA timeout (default: 120 seconds)
/okta --project my-app --env qa --timeout 180

Natural Language

The skill responds to natural trigger phrases:

  • "Login to QA"
  • "Authenticate to my-app dev"
  • "Open admin panel staging"
  • "Switch to prod environment"
  • "Help me login to https://..."

🔒 Security

  • Credentials stored locally: config.json is git-ignored and should be chmod 600
  • Password filtered from output — never appears in logs or terminal
  • Session cache is ephemeral — also git-ignored, expires with Okta's session lifetime
  • No third-party services — authenticates directly with your Okta domain
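
A pre-flight audit for the config.json described on this page, written as an added example (not okta-skill's own code): it flags permission bits beyond the owner, a stored plaintext password, and project URLs that are not HTTPS. The finding names and the HTTPS check are assumptions of this example; the field names come from the configuration structure shown here.

```javascript
// Added example, not part of okta-skill. Finding names are made up here.

// Pure check: `mode` is fs.Stats.mode, `config` is the parsed config.json.
function auditConfig(mode, config) {
  const findings = [];
  const perms = mode & 0o777;
  // Any group/other bit means the file is not chmod 600 (or stricter).
  if (perms & 0o077) findings.push(`loose-permissions:${perms.toString(8)}`);
  // The password sits in the file as plaintext, so its presence is a finding.
  if (typeof config.password === 'string' && config.password.length > 0) {
    findings.push('plaintext-password');
  }
  for (const [project, envs] of Object.entries(config.projects || {})) {
    for (const [env, url] of Object.entries(envs)) {
      let parsed;
      try {
        parsed = new URL(url);
      } catch {
        findings.push(`invalid-url:${project}/${env}`);
        continue;
      }
      if (parsed.protocol !== 'https:') findings.push(`insecure-url:${project}/${env}`);
    }
  }
  return findings;
}

// File wrapper: stat and read through one descriptor so the mode that was
// checked belongs to the same file that was parsed.
function auditConfigFile(path) {
  const fs = require('node:fs');
  const fd = fs.openSync(path, 'r');
  try {
    return auditConfig(fs.fstatSync(fd).mode, JSON.parse(fs.readFileSync(fd, 'utf8')));
  } finally {
    fs.closeSync(fd);
  }
}

// Constructed sample: a world-readable config with one plain-HTTP URL.
const sampleConfig = {
  username: 'your.name@company.com',
  password: 'your_password',
  projects: { 'my-app': { qa: 'https://my-app.qa.example.com/login',
                          dev: 'http://my-app.dev.example.com/login' } },
};
console.log(auditConfig(0o100644, sampleConfig));
```

Run `auditConfigFile('config.json')` before each login and refuse to continue while the permission finding is present.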

📁 Configuration Structure

{
  "username": "your.name@company.com",
  "password": "your_password",
  "okta_domain": "yourcompany.okta.com",
  "push_factor_id": "opfXXXXXXXXXXXXXX",
  "projects": {
    "my-app": {
      "dev": "https://my-app.dev.example.com/login",
      "qa": "https://my-app.qa.example.com/login",
      "prod": "https://my-app.example.com/login"
    }
  }
}
  • username/password — shared Okta credentials for all projects
  • okta_domain — your organization's Okta domain (auto-detected)
  • push_factor_id — your Push MFA factor ID (auto-discovered)
  • projects — named projects with environment-to-URL mappings

🎯 Use Cases

Perfect for:

  • Developers working across multiple internal environments
  • QA engineers testing in dev/staging/prod
  • DevOps accessing admin panels and dashboards
  • Anyone tired of repetitive Okta login flows
  • Teams using AI coding assistants for internal projects

Especially useful when:

  • You switch environments frequently (10+ times per day)
  • Your Okta sessions expire quickly
  • You work with multiple projects simultaneously
  • You want to stay in flow with your AI assistant

🆚 vs Manual Login

| | Manual Login | okta-skill |
|---|---|---|
| Steps | 5+ (open URL, enter credentials, approve MFA, wait for redirect) | 1 (tell AI assistant where to go) |
| Context switching | High (browser, phone, back to editor) | Minimal (just approve Push) |
| Configuration | Remember URLs for each environment | Auto-detected and saved |
| Session reuse | Manual (hope it's still valid) | Automatic (cached and checked) |
| Multi-project | Bookmark management | Structured config |
| AI integration | None | Native — just use natural language |

⚠️ Limitations

  • Okta-specific — only works with Okta SSO (not Auth0, Azure AD, etc.)
  • Push MFA only — currently supports Okta Verify Push (not SMS, TOTP, etc.)
  • Requires agent-browser — uses browser automation for cookie injection
  • Local config — not synced across machines (by design, for security)

🔮 Future Roadmap

  • Support for other MFA methods (TOTP, SMS)
  • Support for other SSO providers (Auth0, Azure AD, Google Workspace)
  • Browser profile management (multiple Okta accounts)
  • Session expiry notifications
  • Integration with password managers

🎯 Version Info

  • Current Version: v1.0.0
  • Release Date: 2026-05-27

💡 Tips for Best Results

  1. Use descriptive project names — they become your natural language commands
  2. Group related environments — one project per application/service
  3. Set chmod 600 config.json — protect your credentials
  4. Use --save for long sessions — preserves browser state across skill invocations
  5. Keep sessions fresh — if you haven't used an environment in days, expect re-authentication

🤝 Contributing

okta-skill is part of the Agent Skills ecosystem. Contributions, feedback, and bug reports are welcome!

Ready to eliminate Okta login friction from your workflow? Try okta-skill today and stay in flow with your AI coding assistant!


Have you automated SSO login in your workflow? What other authentication patterns would you like to see automated? Share your thoughts in the comments below!
