gmail single-sign-on google-apps google-account okta

Stay signed in to Google across browser restarts via SSO (single sign-on)?


Is there a way to stay signed in to Google accounts across browser restarts if credentials are managed through an SSO identity provider?

After each browser restart it redirects to the single-sign-on site (e.g. Okta), which requires entering the password for that site.

https://support.google.com/a/answer/4421331?hl=en says that "The Stay signed in checkbox is selected by default" but it doesn't seem to be "selected by default" if you don't get to the password page.

See also https://community.okta.com/thread/2200


Solution

  • There are two distinct questions here. The first one deals with Identity Providers (IdP) like Okta and the way this works depends on several configuration settings and other factors. In general, if a user has authenticated with a SAML IdP (e.g., Okta), still has a valid session and the Service Provider (i.e., Google) has been configured to redirect sign-on requests, then Okta can generate a SAML response, pass it to Google and the user will gain access to the protected resource (i.e., Google App) without being challenged to log in again regardless of whether the browser is restarted. The Okta Developer Guide describes this process in detail.

    If the session with Okta has expired for whatever reason, the user will be able to log in ONCE using a one-time token to get a new session cookie.

    The second question has to do with the 'Stay signed in' checkbox in Google. This is unrelated to identity assertions as there is no 3rd party IdP in play -- the user context is stored in a cookie and as with the solution above, the persistence of this non-persistent cookie is entirely dependent on how the browser is configured to manage this.
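
The session-cookie versus persistent-cookie distinction the answer relies on can be checked from the `Set-Cookie` headers captured during sign-in. The following is an added example, not part of the original answer: it classifies each header by whether the cookie would outlive a browser restart. The cookie names and values are constructed placeholders, not the names Okta or Google use.

```javascript
// Added example. Classifies a Set-Cookie header value as:
//   "session"    - no Expires/Max-Age; dropped when the browser exits unless
//                  the browser is configured to restore the previous session
//   "persistent" - has a future expiry; kept across restarts
//   "deleted"    - expiry is in the past, or Max-Age <= 0
// Per RFC 6265, Max-Age takes precedence over Expires.
function classifySetCookie(header, now = new Date()) {
  const [nameValue, ...attrs] = header.split(";").map((p) => p.trim());
  const eqPos = nameValue.indexOf("=");
  const name = eqPos === -1 ? "" : nameValue.slice(0, eqPos);
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? "" : attr.slice(eq + 1).trim();
    if (key === "max-age" && /^-?\d+$/.test(val)) maxAge = parseInt(val, 10);
    if (key === "expires" && !Number.isNaN(Date.parse(val))) expires = new Date(val);
  }
  let expiry = null;
  if (maxAge !== null) {
    expiry = maxAge <= 0 ? new Date(0) : new Date(now.getTime() + maxAge * 1000);
  } else if (expires !== null) {
    expiry = expires;
  }
  if (expiry === null) return { name, kind: "session", expiry: null };
  if (expiry.getTime() <= now.getTime()) return { name, kind: "deleted", expiry };
  return { name, kind: "persistent", expiry };
}

// Names of the cookies that a plain browser restart would keep.
function cookiesSurvivingRestart(headers, now = new Date()) {
  return headers
    .map((h) => classifySetCookie(h, now))
    .filter((c) => c.kind === "persistent")
    .map((c) => c.name);
}

// Constructed sample headers; cookie names and values are hypothetical.
const SAMPLE_HEADERS = [
  "idp_session=abc123; Path=/; Secure; HttpOnly",
  "sp_login=def456; Path=/; Secure; HttpOnly; Max-Age=1209600",
  "sp_pref=1; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Max-Age=0",
  "old_token=x; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
];

console.log(SAMPLE_HEADERS.map((h) => classifySetCookie(h).kind));
```

A cookie reported as "session" here is the kind whose survival depends on the browser's own restart settings, which is the dependency the answer describes.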