
Deploy browser extension to managed devices

In a corporate environment, administrators may opt to streamline the roll-out of Bravura Safe browser extensions via an endpoint management system or via group policy settings by pre-loading the browser extension into end users' browsers. The approach varies depending on the operating system and web browser used.

To install Bravura Safe browser extensions on browsers within the Windows operating system, it is common to employ Windows Group Policy, utilizing an ADMX policy template to reach the designated computers under management. The exact steps for installation can vary from one browser to another.

To set up the browser extension for deployment to Google Chrome on Windows systems:

  1. Download the Chrome Enterprise Bundle for Windows and extract its contents.

  2. From the extracted folder:

    • Copy the \Configuration\admx\chrome.admx file to the C:\Windows\PolicyDefinitions directory.

    • Copy the \Configuration\admx\en-US\chrome.adml file to the C:\Windows\PolicyDefinitions\en-US directory.

  3. Launch the Windows Group Policy management console and add a new Group Policy Object for installation of the Bravura Safe browser extension.

  4. Right-click on the created GPO, click Edit..., then access Computer Configuration > Policies > Administrative Templates > Google Chrome > Extensions.

  5. On the right, click Configure the list of force-installed apps and extensions and switch the setting to Enabled.

  6. Click the Show... button and enter the following line:

    cjidmfgdjckibjdfnglfdgohkaballnn;https://clients2.google.com/service/update2/crx

    Confirm by clicking OK.

  7. While still within the Computer Configuration > Policies > Administrative Templates > Google Chrome section, click on Password manager.

  8. Right-click on Enable saving passwords to the password manager on the right, click Edit, change the setting to Disabled and then click OK.

  9. In the same area of Administrative Templates > Google Chrome, repeat the previous step (8) for Enable Autofill for addresses and Enable Autofill for credit cards.

  10. Apply this new GPO to the appropriate organizational units or groups.

To implement the browser extension for Firefox on a Windows system:

  1. Download the ADMX Template for Firefox file and extract its contents.

  2. In the extracted folder:

    1. Copy the \policy_templates_<version>\windows\firefox.admx file to the directory C:\Windows\PolicyDefinitions.

    2. Copy the \policy_templates_<version>\windows\en-US\firefox.adml file to the directory C:\Windows\PolicyDefinitions\en-US.

  3. Launch the Windows Group Policy Editor and generate a new Group Policy Object (GPO) for setting up the Bravura Safe browser extension.

  4. Right-click the created GPO, click the Edit... option, and go to: Computer Configuration > Policies > Administrative Templates > Firefox > Extensions.

  5. In the right panel, click Extensions to Install. Turn on the Enabled option in the window that appears.

  6. Click Show... and input the Bravura Security URL:

    https://github.com/Hitachi-ID/bravura-safe_browser/releases/latest

    Confirm by clicking OK.

  7. In the navigation pane, click Firefox. On the right, click Edit... and deactivate the Offer to save logins and Offer to save logins (default) settings.

  8. Finish by assigning the configured GPO to the intended targets.

To set up the browser extension for Microsoft Edge on Windows:

  1. Obtain and extract the Windows Policy Files for Microsoft Edge.

  2. Within the extracted directory:

    • Copy the \windows\admx\msedge.admx file into the directory: C:\Windows\PolicyDefinitions.

    • Copy the \windows\admx\en-US\msedge.adml file to the directory: C:\Windows\PolicyDefinitions\en-US.

  3. Launch the Windows Group Policy Editor and establish a new Group Policy Object (GPO) dedicated to installing the Bravura Safe browser extension.

  4. Right-click the created GPO, click Edit..., then go to: Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Extensions.

  5. On the right, click Control which extensions are installed silently. Then set the policy to Enabled.

  6. Click Show... and enter the details below:

    lgjgabmkhcjfpcmflkhmhjgmnnpfgmnc;https://edge.microsoft.com/extensionwebstorebase/v1/crx

    Confirm your entry by clicking OK.

  7. Continuing in Administrative Templates > Microsoft Edge, open Password manager and protection.

  8. On the right, find and right-click Enable saving passwords to the password manager, and select Edit. Then, change the setting to Disabled and click OK.

  9. Follow the same process in Step 8 for both the Enable Autofill for addresses and Enable Autofill for credit cards settings located in the Administrative Templates > Microsoft Edge section.

  10. Assign the configured GPO to the appropriate group of users or computers.

Installing Bravura Safe browser extensions on various browsers within macOS is usually done using a property list file, known as a .plist file. The exact steps for this process can differ depending on the browser being configured.

To install the Bravura Safe browser extension for Google Chrome on macOS:

  1. Get the macOS version of Google Chrome by downloading the .dmg or .pkg file.

  2. Obtain the Chrome Enterprise Bundle for Mac.

  3. Extract the Enterprise Bundle (either GoogleChromeEnterpriseBundle64.zip or GoogleChromeEnterpriseBundle32.zip).

  4. Edit the /Configuration/com.Google.Chrome.plist file using a text editor of your choice.

  5. Incorporate the following configurations into the .plist file:

    <key>ExtensionSettings</key>
     <dict>
      <key>cjidmfgdjckibjdfnglfdgohkaballnn</key>
      <dict>
       <key>installation_mode</key>
       <string>force_installed</string>
       <key>update_url</key>
       <string>https://clients2.google.com/service/update2/crx</string>
      </dict>
     </dict>

    In this snippet, cjidmfgdjckibjdfnglfdgohkaballnn refers to the ID for the Bravura Safe browser extension, while the URL https://clients2.google.com/service/update2/crx directs Chrome to fetch the specified extension from the Chrome Web Store.

    Note

    While you can also use the ExtensionInstallForcelist policy to enforce installation, the ExtensionSettings approach takes precedence over ExtensionInstallForcelist.

  6. To further enhance security, it is advised to turn off Chrome's integrated password manager by adding the following entry to the com.Google.Chrome.plist:

    <key>PasswordManagerEnabled</key>
    <false />

  7. Transform the com.Google.Chrome.plist into a configuration profile using a utility such as mcxToProfile.

  8. Distribute both the Chrome installation file (.dmg or .pkg) and the configuration profile to all the applicable machines through your chosen software deployment or Mobile Device Management (MDM) solution.

    Tip

    For additional assistance, consult the Chrome Browser Quick Start guide for Mac provided by Google.

To set up the Bravura Safe browser extension for Firefox on a macOS system:

  1. First, ensure that you have Firefox for Enterprise installed on your macOS device.

  2. Navigate to Firefox.app/Contents/Resources/ and establish a new directory named distribution.

  3. In the new distribution directory, create a file named org.mozilla.firefox.plist.

    Tip

    Refer to the Firefox property list (.plist) template and/or policy-templates for guidance.

  4. Edit the org.mozilla.firefox.plist file by inserting the following configuration:

    <key>ExtensionSettings</key>
     <dict>
      <key>487126d9-6017-4b6e-9319-b2d415c7fb26</key>
      <dict>
       <key>installation_mode</key>
       <string>force_installed</string>
       <key>install_url</key>
       <string>https://github.com/Hitachi-ID/bravura-safe_browser/releases/latest</string>
      </dict>
     </dict>

    In the above snippet, 487126d9-6017-4b6e-9319-b2d415c7fb26 represents the specific ID of the Bravura Safe browser extension, while the URL provided https://github.com/Hitachi-ID/bravura-safe_browser/releases/latest is the location from which Firefox will fetch the extension.

  5. It is also advisable to deactivate Firefox's default password manager to prevent conflicts. To do this, append the following setting to the org.mozilla.firefox.plist file:

    <dict>
      <key>PasswordManagerEnabled</key>
      <false/>
    </dict>

  6. After updating the org.mozilla.firefox.plist file, transform it into a configuration profile using a tool such as mcxToProfile.

  7. Finally, distribute both the Firefox .dmg file and the newly created configuration profile to all the machines under your management using your chosen software distribution tool or MDM (Mobile Device Management) solution.

For the installation of the Bravura Safe browser extension on macOS with Microsoft Edge:

  1. Begin by getting the .pkg installer for Microsoft Edge for macOS.

  2. Open a Terminal application, and employ the command below to generate a property list (.plist) file for Microsoft Edge on your Desktop:

    /usr/bin/defaults write ~/Desktop/com.microsoft.Edge.plist RestoreOnStartup -int 1

  3. To convert the .plist file from a binary format to a readable plaintext format, input the following command:

    /usr/bin/plutil -convert xml1 ~/Desktop/com.microsoft.Edge.plist

  4. Edit the com.microsoft.Edge.plist file to include these settings:

    <key>ExtensionSettings</key>
     <dict>
      <key>lgjgabmkhcjfpcmflkhmhjgmnnpfgmnc</key>
      <dict>
       <key>installation_mode</key>
       <string>force_installed</string>
       <key>update_url</key>
       <string>https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
      </dict>
     </dict>

    In the above snippet, lgjgabmkhcjfpcmflkhmhjgmnnpfgmnc refers to the unique identifier for the Bravura Safe browser extension, while the specified URL https://edge.microsoft.com/extensionwebstorebase/v1/crx directs Edge to fetch the extension from the Edge Add-On Store.

    Note

    While it is possible to manage forced installations using the ExtensionInstallForceList policy, employing the ExtensionSettings method is preferred as it takes precedence.

  5. For an additional security measure, it is advised to turn off the native password manager in Edge. To accomplish this, add this setting to your com.microsoft.Edge.plist:

    <key>PasswordManagerEnabled</key>
    <false/>

  6. Convert the updated com.microsoft.Edge.plist file into a configuration profile using a tool such as mcxToProfile.

  7. Proceed with the distribution of the Edge .pkg file and the configuration profile to all controlled machines through your preferred software deployment or MDM (Mobile Device Management) system.

    Tip

    For assistance with Jamf, consult Microsoft's configuration guides for Edge policy settings on macOS using Jamf.

Installation of Bravura Safe browser extensions on Linux systems is typically done with a .json configuration file that defines the necessary settings. The specific approach varies based on the browser.

To deploy the Bravura Safe browser extension for Google Chrome on a Linux system:

  1. Download the appropriate package for Google Chrome on Linux, which could be either a .deb or .rpm file.

  2. Get the Chrome Enterprise Bundle from Google's official site.

  3. Extract the contents of the downloaded Enterprise Bundle (which will be named either GoogleChromeEnterpriseBundle64.zip or GoogleChromeEnterpriseBundle32.zip) and navigate to the /Configuration directory within the extracted folder.

  4. Locate the master_preferences.json file (named initial_preferences.json in Chrome version 91 and later), create a duplicate of this file and rename the duplicate to managed_preferences.json.

  5. Edit the managed_preferences.json file by adding:

    {
      "policies": {
        "ExtensionSettings": {
          "cjidmfgdjckibjdfnglfdgohkaballnn": {
            "installation_mode": "force_installed",
            "update_url": "https://clients2.google.com/service/update2/crx"
          }
        }
      }
    }

    In the above snippet, cjidmfgdjckibjdfnglfdgohkaballnn refers to the identifier for the Bravura Safe browser extension, while the URL https://clients2.google.com/service/update2/crx is used by Chrome to download the extension from the Chrome Web Store.

    Note

    Although the ExtensionInstallForcelist policy can be used for forced installations, the ExtensionSettings configuration will take priority.

  6. It is also wise to deactivate the default password manager in Chrome. To achieve this, add the following settings within the "policies": { } section of the managed_preferences.json file:

    {
      "PasswordManagerEnabled": false
    }

  7. Ensure the necessary directories are present on the system by executing these commands:

    mkdir /etc/opt/chrome/policies

    mkdir /etc/opt/chrome/policies/managed

  8. Move the managed_preferences.json file to the /etc/opt/chrome/policies/managed directory.

  9. To maintain security after deployment, modify the permissions so that only administrators can alter files in the /managed directory:

    chmod -R 755 /etc/opt/chrome/policies

  10. Using your choice of software distribution tool or MDM solution, deploy the following to the users' Linux systems:

    • The Google Chrome browser package (.deb or .rpm)

    • The managed configuration at /etc/opt/chrome/policies/managed/managed_preferences.json

    Tip

    For additional guidance, consult the Chrome Browser Quick Start for Linux documentation provided by Google.

To install the browser add-on for Firefox on a Linux system, please follow these steps:

  1. Download the Linux version of Firefox.

  2. Within the directory where Firefox is installed, create a new subdirectory named distribution.

  3. Inside the distribution subdirectory, generate a new file named policies.json.

  4. Populate policies.json with the configuration below:

    {
      "policies": {
        "ExtensionSettings": {
          "487126d9-6017-4b6e-9319-b2d415c7fb26": {
            "installation_mode": "force_installed",
            "install_url": "https://github.com/Hitachi-ID/bravura-safe_browser/releases/latest"
          }
        }
      }
    }

    In this configuration, the identifier 487126d9-6017-4b6e-9319-b2d415c7fb26 corresponds to the Bravura Safe extension ID, and the URL provided instructs Firefox to fetch the add-on directly from Bravura Security's GitHub repository.

  5. Bravura Security recommends turning off the integrated password management feature in Firefox by appending the following code to policies.json within the "policies": { } object:

    {
    "PasswordManagerEnabled": false
    }

  6. To distribute this setup to all user workstations, roll out the following components using your chosen software deployment or MDM (Mobile Device Management) solution:

    • Firefox Browser

    • The /distribution/policies.json file

    Tip

    For additional guidance, consult the policies overview or policy-templates provided by Firefox.
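
The macOS .plist files and Linux .json policy files built in the procedures above can be checked on a test machine before they are distributed. The following Python script is an added example, not part of the Bravura Safe documentation: it confirms that a file parses, that the extension entry is force-installed from the expected URL, that PasswordManagerEnabled is false, and that the file is not writable by group or others. The function names, the constructed sample, and the expectation that the file is owned by root (uid 0) are assumptions made for illustration.

```python
import json
import os
import plistlib
import stat
from xml.parsers.expat import ExpatError

# Constructed sample: the Linux Chrome policy file with both settings merged.
SAMPLE_JSON = b"""{"policies": {"ExtensionSettings": {
  "cjidmfgdjckibjdfnglfdgohkaballnn": {"installation_mode": "force_installed",
    "update_url": "https://clients2.google.com/service/update2/crx"}},
  "PasswordManagerEnabled": false}}"""

def load_policies(raw: bytes) -> dict:
    """Parse an XML .plist (macOS) or a JSON policy file (Linux) into a policy dict."""
    if raw.lstrip().startswith(b"<?xml"):
        return plistlib.loads(raw.lstrip())    # plist: policies are top-level keys
    return json.loads(raw)["policies"]         # JSON: nested under "policies"

def audit_policies(policies: dict, ext_id: str, source_url: str) -> list:
    """Return findings; an empty list means the settings from this page are present."""
    findings = []
    entry = policies.get("ExtensionSettings", {}).get(ext_id)
    if entry is None:
        findings.append(f"ExtensionSettings has no entry for {ext_id}")
    else:
        if entry.get("installation_mode") != "force_installed":
            findings.append("installation_mode is not force_installed")
        url = entry.get("update_url") or entry.get("install_url")
        if url != source_url:
            findings.append(f"unexpected extension source: {url!r}")
    if policies.get("PasswordManagerEnabled") is not False:
        findings.append("PasswordManagerEnabled is not set to false")
    return findings

def audit_file(path: str, ext_id: str, source_url: str, owner_uid: int = 0) -> list:
    """Check owner and mode bits of one policy file, then its content."""
    findings = []
    st = os.stat(path)
    if st.st_uid != owner_uid:  # assumption: deployed policy files belong to root
        findings.append(f"owner uid is {st.st_uid}, expected {owner_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is writable by group or others")
    try:
        with open(path, "rb") as fh:
            policies = load_policies(fh.read())
    except (ValueError, KeyError, ExpatError) as exc:
        return findings + [f"file does not parse as a policy file: {exc}"]
    return findings + audit_policies(policies, ext_id, source_url)
```

Call audit_file with the path of the deployed file, the extension ID and the URL from the matching procedure; an empty list means every check passed.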