Deploy browser extension to managed devices
In a corporate environment, administrators may opt to streamline the roll-out of Bravura Safe browser extensions via an endpoint management system or via group policy settings by pre-loading the browser extension into an end-user browser. The approach will vary depending on operating system and web browser used.
To install Bravura Safe browser extensions on browsers within the Windows operating system, it is common to employ Windows Group Policy, utilizing an ADMX policy template to reach the designated computers under management. The exact steps for installation can vary from one browser to another.
To set up the browser extension for deployment to Google Chrome on Windows systems:
Download the Chrome Enterprise Bundle for Windows and extract its contents.
From the extracted folder:
Copy the \Configuration\admx\
chrome.admxfile to the C:\Windows\PolicyDefinitions directory.Copy the \Configuration\admx\en-US\
chrome.admlfile to the C:\Windows\PolicyDefinitions\en-US directory.
Launch the Windows Group Policy management console and add a new Group Policy Object for installation of the Bravura Safe browser extension.
Right-click on the created GPO, click Edit... , then access Computer Configuration > Policies > Administrative Templates > Google Chrome > Extensions.
On the right, click Configure the list of force-installed apps and extensions and switch the setting to Enabled.
Click the Show... button and enter the following line:
cjidmfgdjckibjdfnglfdgohkaballnn;https://clients2.google.com/service/update2/crxConfirm by clicking OK.
While still within the Computer Configuration > Policies > Administrative Templates > Google Chrome section, click on Password manager.
Right-click on Enable saving passwords to the password manager on the right, click Edit , change the setting to Disabled and then click OK.
In the same area of Administrative Templates > Google Chrome, repeat the previous step (8) for Enable Autofill for addresses and Enable Autofill for credit cards.
Apply this new GPO to the appropriate organizational units or groups.
To set up the browser extension for Microsoft Edge on Windows:
Obtain and extract the Windows Policy Files for Microsoft Edge .
Within the extracted directory:
Copy the \windows\admx\
msedge.admxfile into the directory: C:\Windows\PolicyDefinitions.Copy the \windows\admx\en-US\
msedge.admlfile to the directory: C:\Windows\PolicyDefinitions\en-US.
Launch the Windows Group Policy Editor and establish a new Group Policy Object (GPO) dedicated to installing the Bravura Safe browser extension.
Right-click the created GPO, click Edit... , then go to: Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Extensions.
On the right, click Control which extensions are installed silently. Then, switch the Enabled setting to active.
Click Show... and enter the details below:
lgjgabmkhcjfpcmflkhmhjgmnnpfgmnc;https://edge.microsoft.com/extensionwebstorebase/v1/crxConfirm your entry by clicking OK.
Continuing in Administrative Templates > Microsoft Edge , open Password manager and protection.
On the right, find and right-click Enable saving passwords to the password manager, and select Edit. Then, change the setting to Disabled and click OK.
Follow the same process in Step 8 for both the Enable Autofill for addresses and Enable Autofill for credit cards settings located in the Administrative Templates > Microsoft Edge section.
Assign the configured GPO to the appropriate group of users or computers.
Installing Bravura Safe browser extensions on various browsers within macOS is usually done using a property list file, known as a .plist file. The exact steps for this process can differ depending on the browser being configured.
To install the Bravura Safe browser extension for Google Chrome on macOS:
Get the macOS version of Google Chrome by downloading the
.dmgor.pkgfile.Obtain the Chrome Enterprise Bundle for Mac.
Extract the Enterprise Bundle (either
GoogleChromeEnterpriseBundle64.ziporGoogleChromeEnterpriseBundle32.zip).Edit the /Configuration/
com.Google.Chrome.plistfile using a text editor of your choice.Incorporate the following configurations into the
.plistfile:<key>ExtensionSettings</key> <dict> <key>cjidmfgdjckibjdfnglfdgohkaballnn</key> <dict> <key>installation_mode</key> <string>force_installed</string> <key>update_url</key> <string>https://clients2.google.com/service/update2/crx</string> </dict> </dict>
In this snippet,
cjidmfgdjckibjdfnglfdgohkaballnnrefers to the ID for the Bravura Safe browser extension, while the URLhttps://clients2.google.com/service/update2/crxdirects Chrome to fetch the specified extension from the Chrome Web Store.Note
While you can also use the ExtensionInstallForcelist policy to enforce installation, the ExtensionSettings approach takes precedence over ExtensionInstallForcelist.
To further enhance security, it is advised to turn off Chrome's integrated password manager by adding the following entry to the
com.Google.Chrome.plist:<key>PasswordManagerEnabled</key> <false />
Transform the
com.Google.Chrome.plistinto a configuration profile using a utility such as mcxToProfile.Distribute both the Chrome installation file (
.dmgor.pkg) and the configuration profile to all the applicable machines through your chosen software deployment or Mobile Device Management (MDM) solution.Tip
For additional assistance, consult the Chrome Browser Quick Start guide for Mac provided by Google.
For the installation of the Bravura Safe browser extension on macOS with Microsoft Edge:
Begin by getting the .pkg installer for Microsoft Edge for macOS.
Open a Terminal application, and employ the command below to generate a property list (
.plist) file for Microsoft Edge on your Desktop:/usr/bin/defaults write ~/Desktop/com.microsoft.Edge.plist RestoreOnStartup -int 1To convert the
.plistfile from a binary format to a readable plaintext format, input the following command:/usr/bin/plutil -convert xml1 ~/Desktop/com.microsoft.Edge.plistEdit the
com.microsoft.Edge.plistfile to include these settings:<key>ExtensionSettings</key> <dict> <key>lgjgabmkhcjfpcmflkhmhjgmnnpfgmnc</key> <dict> <key>installation_mode</key> <string>force_installed</string> <key>update_url</key> <string>https://edge.microsoft.com/extensionwebstorebase/v1/crx</string> </dict> </dict>
In the above snippet,
lgjgabmkhcjfpcmflkhmhjgmnnpfgmncrefers to the unique identifier for the Bravura Safe browser extension, while the specified URLhttps://edge.microsoft.com/extensionwebstorebase/v1/crxdirects Edge to fetch the extension from the Edge Add-On Store.Note
While it is possible to manage forced installations using the ExtensionInstallForceList policy, employing the ExtensionSettings method is preferred as it takes precedence.
For an additional security measure, it is advised to turn off the native password manager in Edge. To accomplish this, add this setting to your
com.microsoft.Edge.plist:<key>PasswordManagerEnabled</key> <false/>
Convert the updated
com.microsoft.Edge.plistfile into a configuration profile using a tool such as mcxToProfile.Proceed with the distribution of the Edge
.pkgfile and the configuration profile to all controlled machines through your preferred software deployment or MDM (Mobile Device Management) system.Tip
For assistance with Jamf, consult Microsoft's configuration guides for Edge policy settings on macOS using Jamf.
Installation of Bravura Safe browser extensions on Linux systems typically requires the utilization of a .json configuration file to define the necessary settings. The specific approach varies based on the browser.
To deploy the Bravura Safe browser extension for Google Chrome on a Linux system:
Download the appropriate package for Google Chrome on Linux, which could be either a .deb or .rpm file.
Get the Chrome Enterprise Bundle from Google's official site.
Extract the contents of the downloaded Enterprise Bundle (which will be named either
GoogleChromeEnterpriseBundle64.ziporGoogleChromeEnterpriseBundle32.zip) and navigate to the /Configuration directory within the extracted folder.Locate the
master_preferences.jsonfile (namedinitial_preferences.jsonin Chrome version 91 and later), create a duplicate of this file and rename the duplicate tomanaged_preferences.json.Edit the
managed_preferences.jsonfile by adding:{ "policies:" { "ExtensionSettings": { "cjidmfgdjckibjdfnglfdgohkaballnn": { "installation_mode": "force_installed", "update_url": "https://clients2.google.com/service/update2/crx" } } } }In the above snippet,
cjidmfgdjckibjdfnglfdgohkaballnnrefers to the identifier for the Bravura Safe browser extension, while the URLhttps://clients2.google.com/service/update2/crxis used by Chrome to download the extension from the Chrome Web Store.Note
Although the ExtensionInstallForcelist policy can be used for forced installations, the ExtensionSettings configuration will take priority.
It is also wise to deactivate the default password manager in Chrome. To achieve this, add the following settings within the
"policies": { }section of themanaged_preferences.jsonfile:{ "PasswordManagerEnabled": false }Ensure the necessary directories are present on the system by executing these commands:
mkdir /etc/opt/chrome/policiesmkdir /etc/opt/chrome/policies/managedMove the
managed_preferences.jsonfile to the /etc/opt/chrome/policies/managed directory.To maintain security after deployment, modify the permissions so that only administrators can alter files in the /managed directory:
chmod -R 755 /etc/opt/chrome/policiesUsing your choice of software distribution tool or MDM solution, deploy the following to the users' Linux systems:
The Google Chrome browser package (
.debor.rpm)The managed configuration at /etc/opt/chrome/policies/managed/
managed_preferences.json
Tip
For additional guidance, consult the Chrome Browser Quick Start for Linux documentation provided by Google.