Deploying the extension using scripts

This page includes:

About deploying the extension using scripts

Using scripts to deploy the extension is recommended in organizations that do not have access to automated tools [UEMs and GPOs] to manage the deployment of extensions on target devices.

After initial installation, the extension is periodically automatically updated - as required.
For details on installation requirements for the extension, see Installation requirements.

Using scripts is applicable to the following browsers and operating systems:

Browsers	Operating Systems
Google Chrome Microsoft Edge Firefox	Windows MacOS

Advantages of using scripts to deploy the extension

Deployment using scripts has the following advantages over the manual deployment methods:

When the extension is deployed using scripts, the extension will be force-installed. In this scenario, end users won't be able to remove or disable the extension.
New ABS releases may require additional permissions. If a user doesn't manually grant these permissions, then the extension will be deactivated. When a script is used to deploy the extension, additional permissions will be automatically granted.

Deployment using scripts - the procedure

To deploy the extension using scripts:

Step 1: Download and run the scripts
Step 2: Connect to the organization
Step 3: Activate the extension

Step 1: Download and run the scripts

Sign-in to the Advanced Browser Security console.
In the Advanced Browser Security console, click Settings > Deployment options.

Under "Installing the extension to endpoints", open the "UEM without extension management capabilities" dropdown:

	Windows	MacOS
	Download the PowerShell installation script. [Download file name: perception-point-extension-deployment.ps1]	Download the MacOS configuration profile. [Download file name: perception-point-extension-deployment.mobileconfig]

Windows

MacOS

Download the PowerShell installation script.

[Download file name: perception-point-extension-deployment.ps1]

Download the MacOS configuration profile.

[Download file name: perception-point-extension-deployment.mobileconfig]

Run or install the script:

Windows environments: Run the downloaded script with local admin rights and use the ByPass execution policy on all target computers.

Example command:

PowerShell.exe -ExecutionPolicy Bypass -File "perception-point-extension-deployment.ps1"

MacOS environments: Install the downloaded configuration profile on all target computers:
1. Open System Settings.
2. Open "Device Management"
3. Click "+" and then select the "perception-point-extension-deployment.mobileconfig" configuration profile that you downloaded.
4. Approve the installation of the configuration profile.

Step 2: Connect to the organization

Sign-in to the Advanced Browser Security console.
In the Advanced Browser Security console, click Settings > Deployment options.
Locate the "Connecting the extension to the ABS organization" section.

Download the required organization-token files - for Windows and MacOS environments:

	Windows	MacOS
	Click Windows, and then download the PowerShell (.ps1) script. [Download file name: perception-point-organization-token.ps1]	Click MacOS, and then download the MacOS Shell (.sh) script. [Download file name: perception-point-organization-token.sh]

Windows

MacOS

Click Windows, and then download the PowerShell (.ps1) script.

[Download file name: perception-point-organization-token.ps1]

Click MacOS, and then download the MacOS Shell (.sh) script.

[Download file name: perception-point-organization-token.sh]

Run the script:

Windows environments: Run the script with local admin rights and use the ByPass execution policy on all target computers.

Example command:

PowerShell.exe -ExecutionPolicy Bypass -File "perception-point-organization-token.ps1"

MacOS environments: Run the script using the terminal application, by entering the following:

sudo sh "perception-point-organization-token.sh"

Step 3: Activate the extension

After you have installed and connected the extension on each endpoint, the extensions must be activated. The extensions function only while they are activated.

You can use any of the following methods to activate the extensions:

Activation method	Description	User input required
Unattended activation	Extensions are automatically activated. New end-users will be identified in the Advanced Browser Security console by their work email addresses - if Advanced Browser Security is able to determine the work email addresses. If Advanced Browser Security isn't able to determine the work email addresses, then the end-users will be identified by their "local signed-on user names" - not by their email addresses. For details about how to configure the "unattended activation mode", see Enabling or disabling the unattended activation mode. Unattended activation is not compatible with SSO.	Never
SAML	Users authenticate using SAML. You'll need to configure the Advanced Browser Security extension as an application in your identity provider. For details, see Identity Provider [IdP] Integration - SSO [ABS]. To activate the extension, user input may or may-not be required, depending on various factors. User input may not be required if: the user is signed-in to the organization's IdP using a work email address, and if the IdP allows multiple accounts to be simultaneously signed-in, then there is only one account currently signed-in to the IdP User input may be required if: the user isn't signed-in to the organization's IdP, or there are multiple accounts currently signed-in New users New users are automatically created in Advanced Browser Security as each user signs-in to the extension for the first time.	Sometimes - depending on the scenario
Manual	Users sign-in to the extensions manually. Users will need to supply their email address when requested. Thereafter, a verification code is sent to them by email. Users must enter the verification code to complete the activation process. New users New users are added using the Advanced Browser Security console. To add new users: Sign-in to the Advanced Browser Security console - using your admin credentials. Click Users, and then click Users. Click Add new user. Type the email addresses of your new users. Use any common delimiter to separate multiple addresses. Select the policy that will be applied to the new users. Clear the "Send email invitations asking users to install the extension" check box. Click Add users.	Always

Activation method

Description

User input required

Unattended activation

Extensions are automatically activated. New end-users will be identified in the Advanced Browser Security console by their work email addresses - if Advanced Browser Security is able to determine the work email addresses. If Advanced Browser Security isn't able to determine the work email addresses, then the end-users will be identified by their "local signed-on user names" - not by their email addresses. For details about how to configure the "unattended activation mode", see Enabling or disabling the unattended activation mode.

Unattended activation is not compatible with SSO.

Never

SAML

Users authenticate using SAML. You'll need to configure the Advanced Browser Security extension as an application in your identity provider. For details, see Identity Provider [IdP] Integration - SSO [ABS].

To activate the extension, user input may or may-not be required, depending on various factors.

User input may not be required if:
- the user is signed-in to the organization's IdP using a work email address, and
- if the IdP allows multiple accounts to be simultaneously signed-in, then there is only one account currently signed-in to the IdP

User input may be required if:
- the user isn't signed-in to the organization's IdP, or there are multiple accounts currently signed-in

New users

New users are automatically created in Advanced Browser Security as each user signs-in to the extension for the first time.

Sometimes - depending on the scenario

Manual

Users sign-in to the extensions manually. Users will need to supply their email address when requested. Thereafter, a verification code is sent to them by email. Users must enter the verification code to complete the activation process.

New users

New users are added using the Advanced Browser Security console.

To add new users:

Sign-in to the Advanced Browser Security console - using your admin credentials.
Click Users, and then click Users.
Click Add new user.
Type the email addresses of your new users. Use any common delimiter to separate multiple addresses.
Select the policy that will be applied to the new users.
Clear the "Send email invitations asking users to install the extension" check box.
Click Add users.

Always