Unattended activation mode

This page includes:

• Unattended activation mode
  • About the unattended activation mode
  • Limitations of unattended activation
  • When are users created
  • Implementing unattended activation - the process
  • Enabling or disabling the unattended activation mode
  • Checking the extension deployment status

About the unattended activation mode

Note: Unattended activation may be included in Step 3 of the extension deployment process - Activating the extension. For an overview of Step 3, see Step 3: Activating the extension on endpoints. For an overview of the extension deployment process, see Deploying the extension [Managed deployment].

The unattended activation mode can be used when deploying the extension. This mode enables the extension to be activated without requiring any user input. There is a single "unattended activation" setting [enabled or disabled] that affects the deployment of all ABS extensions in the organization.

While the unattended activation mode is enabled:

• new end-users are automatically signed-in to the extension - no input is required from the end-users. The unattended activation mode is therefore recommended in scenarios where there must always be zero user input in order to sign-in end-users to the extension.

• new end-users will be identified in the Advanced Browser Security console by their work email addresses - if Advanced Browser Security is able to determine the work email addresses. If Advanced Browser Security isn't able to determine the work email addresses, then the end-users will be identified by their "local signed-on user names" - not by their email addresses.

• new end-users will be assigned the default policy - policy assignment rules are not applied. If required, policies can be manually assigned after the new end-users have been signed-in to the extension.

Note: An organization token must be deployed in your organization to enable unattended activation to function. For details, see Step 2: Connecting the extension via UEM solutions [Generic].

Limitations of unattended activation

• If Advanced Browser Security isn't able to determine the work email addresses for end-users, the unattended activation should be used only in those organizations that provide a unique local signed-on user name for each employee.

• Unattended activation can be used only with managed deployments [those that are performed by UEMs] - not with manual deployments. [See Deploying the extension [Managed deployment]]

• Unattended activation is compatible with managed deployments on both Windows and MacOS. However, unattended activation is not compatible with managed deployments via Google Workspace. [See Deployment via Google Workspace]

• Unattended activation is not compatible with SSO. If you are enabling SSO, don't enable unattended activation.

• If Advanced Browser Security isn't able to determine the work email addresses for end-users, then the end-users will be identified by their "local signed-on user names" - not by their email addresses. This prevents email connectivity between "Advanced Browser Security" and "Advanced Email Security".

  Email connectivity

  If an organization uses both of the Perception Point security solutions - "Advanced Browser Security" and "Advanced Email Security" - there may be a connection between the two security solutions. For example, it is possible to configure Advanced Browser Security so that if an end-user accesses a URL that originated in an email that was determined to be suspicious by X-Ray, then a warning will be shown to the end-user before accessing the URL. [See Website detection options] The connection between the two security solutions in based on the end-user's email.

  The manual and SAML sign-in methods always enable the email connectivity. Unattended activation doesn't always enable the email connectivity. Therefore, if your organization is using both "Advanced Browser Security" and "Advanced Email Security", it is recommended that you use either manual or SAML to sign-in users - or make sure that the unattended activation mode is able to determine the work email addresses for your end-users.

When are users created

When the unattended activation mode is enabled for an organization, a user is created in the ABS system when all the following conditions are in place:

1. The extension has been installed on the endpoint device	Step 1: Installing the extension via UEM solutions [Generic]
2. The installed extension has been connected to the ABS organization	Step 2: Connecting the extension via UEM solutions [Generic]
3. "Unattended activation" has been enabled for the organization	Step 3: Activating the extension on endpoints

Note: A user won't be added to the Advanced Browser Security console until all three of the above conditions are met for that user. If a user's endpoint device is not available [for example, the device is not On], the user won't be added to the Advanced Browser Security console.

Implementing unattended activation - the process

After you have completed Step 2 of the extension deployment process - Connecting the extension, you can perform Step 3 of the process - Activating the extension. Unattended activation is one of the options available for activating the extension. For more information about Step 3, see Step 3: Activating the extension on endpoints.

Implementing unattended activation includes the following two procedures:

Enabling or disabling the unattended activation mode Checking the extension deployment status

Enabling or disabling the unattended activation mode

There is a single "unattended activation" setting [enabled or disabled] that affects the deployment of all ABS extensions in the organization.

To enable or disable the unattended activation mode:

1. In the Advanced Browser Security console, click Settings > Deployment options.

2. Under "Connecting the extension to the ABS organization", open the "Unattended activation" dropdown.

3. Turn on or off the "Automatic extension activation without user authentication" toggle - as required.

   

Checking the extension deployment status

After you have enabled unattended activation in your organization, it is recommended that you check that the extension has been successfully deployed on the endpoint devices. You can check the extension deployment status:

• remotely, from the Advanced Browser Security console, or

• on each individual endpoint device

From the Advanced Browser Security console

You can use the Advanced Browser Security console to check the deployment status of the extensions for all end users.

To check that users were correctly created and extensions are activated:

1. In the Advanced Browser Security console, navigate to the Users > Users page.

   A User status of either Active or Inactive indicates that the extension for that user is installed and activated.

   

   For details on the available user statuses, see Understanding user status.

2. Check that the expected number of users has been created.

   Note: If a user's endpoint device is not available [for example, the device is not On], the user will not be added to the Advanced Browser Security console.

3. You can also see the Advanced Browser Security Dashboard for an overview of the number of users that are signed-in to Advanced Browser Security. For details, see Dashboard.

From the endpoints

The orange "Advanced Browser Security" icon on the right of the browser toolbar indicates if the extension has been installed, and if the extension has been activated:

The extension has been deployed - but not yet activated
The extension has been deployed - and activated

See also: 

• Browser Extension Topics