Organization tokens

This page includes:

• Organization tokens
  • About organization tokens
  • Organization tokens and extension activation
  • Organization token formats
  • Downloading an organization token

About organization tokens

Note: Organization tokens are required for Step 2 of the extension deployment process - Connecting the extension. For more information about Step 2, see Step 2: Connecting the extension via UEM solutions [Generic]. For an overview of the extension deployment process, see Deploying the extension [Managed deployment].

The organization token connects each extension to the ABS organization - the token identifies with which organization a specific extension is associated. This connection enables the extension to access policies [and other settings] that are defined for the organization.

You can download an "organization token" from within the Advanced Browser Security console, and then deploy the token on all target computers. The token that is downloaded is unique to your organization - and will never be changed.

After you have downloaded an organization token, the downloaded file is ready to use - it does not require any editing.

Note: Organization tokens are not required for manual deployments. For details, see Deploying the extension [Managed deployment]. Organization tokens are required when using the SAML and automatic methods to sign-in users.

Organization tokens and extension activation

When SAML is enabled for an organization, the organization token enables the extension to begin the SAML process. In some scenarios, this may enable the ABS browser extension to be activated without requiring any user input [such as the user having to enter any credentials, such as an email address or a password].

Organization tokens also enable the "unattended activation mode" to be used. This mode also enables users to be signed-in to the ABS browser extension without requiring the user to enter any credentials. For details, see Unattended activation mode.

When the extension is deployed after the organization token has been deployed on any target device, the user will be automatically signed-in to the extension if both of the following conditions are met:

• SSO [single-sign-on] has been configured for Advanced Browser Security through an identity provider. For details, see Identity Provider [IdP] Integration - SSO [ABS].

• At the moment that the extension is deployed, the user is signed-in to the identity provider in the browser - with an email address that is managed by the identity provider.

If the above conditions are not met, users will be required to sign-in to the browser extension.

Organization token formats

The organization token that you download can be included in various formats.

The downloaded file always has the file name "perception-point-organization-token.xxx" - where the 'xxx" extension varies between the various download options [as shown in the table below].

Download option	Description	Browsers	Operating Systems	Extension of downloaded file
Google Workspace	This format is required if you are using a product such as Google Workspace to manage browser profiles. The downloaded .txt file fits the specified Google Workspace extension policy .txt format. To install the extension and the token via Google Workspace, follow the instructions here. The downloaded .txt file should be provided under the "Policy for extensions" section. For deployment details, see Deployment via Google Workspace.	Google Chrome	Windows MacOS	.txt
Windows PowerShell	This format is required for deploying the extension on Windows devices. The PowerShell script includes code to perform all the required procedures to deploy the organization token - when the script is executed. Execute the script as an administrator. You can modify the script if required.	Google Chrome Microsoft Edge Firefox	Windows	.ps1
MacOS Shell Script	This format is required when you use a UEM to deploy the organization token on MacOS devices. Execute the script as root.	Google Chrome Microsoft Edge Firefox Safari	MacOS	.sh

Note: The UEM must be configured to re-execute the script to deploy the organization token if a new end-user accesses a browser on a managed device. There is no problem to run the script multiple times on any device.

Downloading an organization token

You'll need to download an organization token that is unique to your organization. The downloaded token must be in the appropriate format - based on the UEM tool that you'll be using to deploy the token, and the environment of the target devices [Windows or MacOS].

To download an organization token:

1. In the Advanced Browser Security console, click Settings > Deployment options.

2. Locate the "Connecting the extension to the ABS organization" section.

   

3. Download the required organization-token file:

   	Google Chrome	Windows	MacOS
   	Click Google Workspace, and then download the Google Workspace organization token file (.txt). [Download file name: perception-point-organization-token.txt]	Click Windows, and then download the PowerShell (.ps1) script. [Download file name: perception-point-organization-token.ps1]	Click MacOS, and then download the MacOS Shell Script (.sh) script. [Download file name: perception-point-organization-token.sh]

For information about how to incorporate the downloaded organization-token file into a UEM deployment procedure, see Step 2: Connecting the extension via UEM solutions [Generic].

See also: 

• Browser Extension Topics