Deployment via Google Workspace

Note: This page applies to deploying the extension on Google Chrome, on any operating system. For important additional information about deploying the extension, see Deploying the extension [Managed deployment].

The following procedure describes how to use Google Workspace or Chrome Browser Cloud Management to deploy the extension. In some configurations, the extension will be deployed and activated without requiring the users to enter any credentials, such as an email address.

The procedure applies to Google Chrome, on any operating system.

Note: When you implement the procedure below, the extension will be force-installed on all target devices - users will not be able to remove or disable the extension. If the extension is pushed on a user browser profile level (and not on the machine/device level), the extension will be deployed only after the users sign-in with their corporate email, and then sync their profiles with their Google accounts (by clicking "Turn on sync") - it's not sufficient to just sign-in. For signing-in users, we recommend that you use SAML with Google. This will use Google to sign-in to authenticate the end-user. In some configurations, this authentication is seamless - without requiring any input from the end-user. You'll need to configure the Advanced Browser Security extension as an application in Google.

Deployment procedure

To deploy the extension via Google Workspace, follow these steps:

Step 1: Installing the extension Step 2: Connecting the extension Step 3: Activating the extension

For other extension deployment options, see Deploying the extension [Managed deployment].

Step 1: Installing the extension

In the Google Workspace admin console

1. Use an administrator account to sign-in to the Google Workspace admin console.

2. Go to Devices > Chrome > Apps & Extensions > Users & browsers.

3. Select the organizational unit for which you want to force-install the extension.

4. Click the "+" icon on the bottom-right, and click "Add Chrome app or extension by ID"

5. Copy and paste the following Google Chrome extension ID:

   kpehlcnleoaejbmmgncofcgpjnojlfbn

6. Click Save.

7. Under "Installation policy", select "Force install + pin to browser toolbar"

8. Select Permissions and URL access > Allow all permissions.

Step 2: Connecting the extension

In the Advanced Browser Security console

9. Download the required organization token from the Advanced Browser Security console.

   • For details, see Downloading an organization token - making sure to download the Google Workspace (.txt) token file.

     The organization token file [perception-point-organization-token.txt] will be downloaded to your computer.

In the Google Workspace admin console

10. Under "Policy for extensions", click the Upload button [] and then upload the perception-point-organization-token.txt file that you downloaded from the Advanced Browser Security console in the previous step.

11. Click Save on the top-right of the page.

Note: On managed devices, you can force users to sign-in to Google Chrome and receive the extension, by following the instructions here . On unmanaged devices, you can use Context-Aware Access to allow access to apps only if Google Chrome is managed, by requiring a specific chrome.management_state. See here for examples. See further instructions here .

Step 3: Activating the extension

Note: Unattended activation is not compatible with managed deployments via Google Workspace.

For details on activating the extensions, see Step 3: Activating the extension on endpoints.

See also: 

• Browser Extension Topics