Skip to main content

Installing native access disclosure plugins

Native access disclosure plugins can be used with the following browsers:

  • Microsoft Edge

  • Mozilla Firefox

  • Google Chrome

If access to the password includes insecure access to the password with pswxview , then deploying access disclosure plugins is not required.

Native access disclosure plugins only work on Windows. Mac OSX and other operating systems are not supported.

Mozilla Firefox

On Firefox access disclosure plugins can be installed by:

  • Allowing users to install both the Bravura Security browser add-on and firefox-extension-x64.msi at the time of check out

    The native extension, firefox-extension-x64.msi can be deployed using a Group Policy or a System Center Configuration Manager (SMS)

  • Using a one-time disclosure method

Use Case: Firefox

This use case demonstrates the typical workflow a user will experience the first time a native access disclosure plugin is used in Firefox.

This use case assumes firefox-extension-x64.msi has not been deployed using a Group Policy or system Center Configuration Manager (SMS)

  1. Check out an and click on the disclosure (copy or display).

  2. Click Install firefox add-on.

  3. Click Continue to Installation when prompted to install add-on.

  4. Click Add when prompted to add Bravura Security browser add-on.

    The Bravura Security browser add-on should be added, as indicated by the icon on address bar.

  5. Return to the check- out screen and Install native add-on should be displayed. This may require refreshing the screen.

  6. Click Install native add-on.

  7. Save firefox-extension-x64.msi.

  8. Run the MSI installer.

  9. After the extension is installed, restart the browser.

    Return to the check-out page and the disclosure should be launched when you click it.

Google Chrome and Microsoft Edge

On Google Chrome and Microsoft Edge access disclosure plugins can be installed by:

  • Allowing users to install both the Bravura Security browser extension and browser-extension-win-x86.msi at the time of check out

    The native extension, browser-extension-win-x86.msi can be deployed using a Group Policy or a System Center Configuration Manager (SMS)

    The Bravura Security browser extension is available from the Chrome web store

  • Using a one-time disclosure method

Use Case: Check out an account in Chrome or Edge

This use case demonstrates the typical workflow a user will experience the first time a native access disclosure plugin is used in Chrome or Edge.

This use case assumes browser-extension-win-x64.msi has not been deployed using a Group Policy or system Center Configuration Manager (SMS).

  1. Check out a vault account and click on the disclosure (copy or display).

  2. Click Install Chrome extension.

    A new browser tab with the Bravura Security browser extension in the Chrome Web store is opened.

  3. Click Add to Chrome.

  4. Click Add when prompted to add Bravura Security browser extension.

    The Browser Extension should be added, as indicated by the icon on address bar.

  5. When you return the check-out page, Install native extension should be displayed . This may require refreshing the screen.

  6. Click Install native extension. You may be prompted to save browser-extension-win-x86.msi , or it will be automatically saved.

  7. Run the MSI installer.

  8. After the extension is installed, restart the browser.

  9. Return to the check-out page, and the disclosure should launch when you click on it.

Installing ActiveX controls with ppm-activex-controls.msi

Installing ActiveX controls is no longer a supported method. See documentation for Bravura Security Fabric version 12.5 or older if you need information about this feature..

Installing JavaScript controls with MSI installers

An MSI installer is available for download when users attempt to access a password without installing the browser extension for Chrome or Firefox first:

  • browser-extension-win-x86.msi for Chrome

  • firefox-extension-win-x64.msi for Firefox browsers on a Windows 32-bit workstation

  • firefox-extension-win-x64.msi for Firefox browsers on a Windows 64-bit workstation

These MSI installers are also available on the Bravura Security Fabric server in the addons\idarchive directory.

If a previous version of native extensions for Firefox is already installed on the workstation (11.1.x or older) you must uninstall and install the current version.

Disclosure plugins are not supported for Mac OS.

To manually install the browser extension:

  1. Launch the Windows Installer package.

  2. Click Next .

  3. Read and accept the Bravura Security Fabric license.

  4. Click Next .

  5. Select an installation scope (if options are available).

    If you are logged in as an administrator, you can choose to install the browser extension for yourself or for all users on the workstation.

  6. Click Next .

  7. Click:

    • Typical to install all browser extension modules.

    or

    • Custom to select modules.

      It is recommended that you do not change the installation directory.

  8. Click Install to start the installation. The installer begins copying files to your computer. The Installation Complete dialog appears after the browser extension has been successfully installed.

  9. Click Finish to exit.

One-time disclosure plugin

You can launch access disclosure plugins using the one-time disclosure method. These plugins have the same functionality as the native access disclosure plugins and do not require additional software, however they are good for one-time use only. The one-time disclosure is available as an executable that can be run directly or downloaded to be run on a different workstation. A new executable needs to be generated in order to view the access disclosure plugin again.

You can configure messages to display to users how much check-out time is remaining and that the check-out time has expired.

When a one-time disclosure plug-in is downloaded and executed, the plug-in will check with Bravura Privilege to determine how much time is left in the checkout, or if the authorized interval has expired. This also applies to one-time plug-ins that have been saved for future use.

The one-time disclosure option is enabled by default. End-users may be able to see this option if the native access disclosure plugins are not yet installed or are disabled. When the one-time disclosure option is disabled, the option will be grayed out.

To disable one-time disclosures:

  1. Go to Manage the system > Modules > Privileged access .

  2. Set PAM ALLOW ONE TIME DISCLOSURE to Disabled.

  3. Click Update.

Troubleshooting native access disclosure plugins

Users on a Windows workstation are prevented from installing browser extensions

To allow users to install the browser extensions, enable and modify the following group policy setting:

  1. Go to Start menu, type gpedit.msc in the search box, and click on the program to access the Local Group Policy Editor.

  2. Expand Computer Configuration > Administrative Templates > Windows Components > Windows Installer.

  3. Right-click Turn off Windows Installer , select Edit .

    Older versions of Windows refer to this setting as Disable Windows Installer.

  4. Select Enabled .

  5. Under Disable Windows Installer , select Never .

  6. Click OK.

Administrators on a Windows workstation cannot install browser extensions for all users

If administrators are unable to select an installation scope option, disable the following in the Local Group Policy Editor:

  • Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > User Account Control: Run all administrators in Admin Approval Mode

  • Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > User Account Control: Admin Approval Mode for the built-in Administrator account

In this section: