Configure browser extensions
Learn how to configure the Snow Atlas browser extension for SaaS. This requires local installations in your environment.
If you are looking for configuration of the agent-based browser extensions for SaaS, see Agent-based browser extensions.
Prerequisites
You must Create token broker registrations and Install token broker proxy before you can configure the browser extension.
To configure the browser extension, you need to prepare the following values:
- MTLS client certificates to install on your users' machines, with email address as unique identifier. For more information, see MTLS certificates.
- The URL of your Snow Atlas instance.
  It is located in Snow Atlas settings, on the License details page, on the General information tab. It is the API URL value.
- The URL of your token broker proxy, in the format:
  https://{domain}:{port}
  For more information, see Parameters required.
- The browser extension ID:
  phedkgfibodcejnchpjemjnclicpamkp
  You can also find this ID in the extension details of an installed extension.
Procedure
These steps outline the respective configuration values for both Google Chrome and Microsoft Edge, on Windows and macOS respectively.
It is recommended that you configure the browser extension before installing it in browsers. To make sure the installation and configuration happen in a timely manner, it is recommended that you include them in a script and roll out the extension by policy, for example, with Microsoft Intune. Learn more about browser extension management in Google's documentation Managing Extensions in Your Enterprise.
The client certificates and the browser extensions must be configured and installed on the end users' devices in your organization.
1. Install the client certificates that have email address as unique identifier to all users in your IT estate, unless already done.
2. If you have users on Windows:
   i. In Windows registry, create the following path for the respective browsers:
      - Google Chrome:
        SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\phedkgfibodcejnchpjemjnclicpamkp\policy
      - Microsoft Edge:
        SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\phedkgfibodcejnchpjemjnclicpamkp\policy
   ii. Add registry values in the respective registries:
      - Set atlasUrl key to the URL of your Snow Atlas instance.
      - Set tokenBrokerUrl key to the URL of your token broker proxy, in the format https://{domain}:{port}
   iii. In the respective created registries, select a new key and name it AutoSelectCertificateForUrls. For information on how to populate the values in the key, see Chrome Enterprise documentation. The pattern must point to your token broker proxy instance.
      - Google Chrome registry:
        Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
      - Microsoft Edge registry:
        Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
3. If you have users on macOS:
   i. Create a chrome-extension.plist file using the template below, with one dict section for Google Chrome and for Microsoft Edge respectively, and enter the values as indicated below in the list.
      - {browser}: com.google.Chrome and com.microsoft.Edge respectively
      - {extension-id}: phedkgfibodcejnchpjemjnclicpamkp
      - {atlas-url}: the URL of your Snow Atlas instance
      - {token-broker-url}: the URL of your token broker proxy in the format https://{domain}:{port}

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
      <dict>
        <key>{browser}.extensions.{extension-id}</key>
        <dict>
          <key>atlasUrl</key>
          <dict>
            <key>state</key>
            <string>always</string>
            <key>value</key>
            <string>{atlas-url}</string>
          </dict>
          <key>tokenBrokerUrl</key>
          <dict>
            <key>state</key>
            <string>always</string>
            <key>value</key>
            <string>{token-broker-url}</string>
          </dict>
        </dict>
      </dict>
      </plist>

   ii. Run the following command, for Google Chrome and Microsoft Edge respectively, and substitute {admin-username} with a valid administrator username, and {chrome-extension.plist} with the path to the plist configuration created in Step 3.i of Procedure:

      dscl -u {admin-username} /Local/Default -mcximport /Computers/local_computer {chrome-extension.plist}

      Tip: If dscl complains that the path is invalid, you can create a node for the local computer with the following commands, replacing {admin-username} with the actual admin username:

      GUID=$(uuidgen)
      ETHER=$(ifconfig en0 | awk '/ether/ {print $2}')
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer RealName "Local Computer"
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer GeneratedUID $GUID
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer ENetAddress $ETHER

   iii. Run the following command, for Google Chrome and Microsoft Edge respectively, to propagate these changes immediately:

      sudo mcxrefresh -n {admin-username}

   iv. To automatically select the certificate, add an AutoSelectCertificateForUrls policy, for Google Chrome and Microsoft Edge respectively. For information on how to populate the values in the key, see Chrome Enterprise documentation. The pattern must point to your token broker proxy instance. Update the ISSUER property to filter on your intended certificate.
      - For Google Chrome, run the following command:

        echo Enable autoselect for certificates
        defaults read com.google.Chrome | grep '*' && echo "policy with * is already added, check if it's correct" || (defaults write com.google.Chrome AutoSelectCertificateForUrls -array && defaults write com.google.Chrome AutoSelectCertificateForUrls -array-add -string '{"pattern":"*","filter":{"ISSUER":{"C":"US"}}}')

      - For Microsoft Edge, run the following command:

        echo Enable autoselect for certificates
        defaults read com.microsoft.Edge | grep '*' && echo "policy with * is already added, check if it's correct" || (defaults write com.microsoft.Edge AutoSelectCertificateForUrls -array && defaults write com.microsoft.Edge AutoSelectCertificateForUrls -array-add -string '{"pattern":"*","filter":{"ISSUER":{"C":"US"}}}')
4. Install the browser extension to applicable browsers in your IT estate.
   The extension Snow SaaS app discovery and usage is available in Chrome Web Store.
For more information on what data the browser extension collects, see Data retrieved by the browser extension.
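
The AutoSelectCertificateForUrls steps in the procedure require the pattern to point to your token broker proxy, while the sample macOS commands carry "*" as the pattern. The shell script below is an added example, not Snow's or this page's own code: it builds an entry scoped to the proxy URL, rejects a wildcard or malformed URL, and the resulting string is also what goes into the Windows registry values. The broker URL and issuer CN are constructed placeholders, the function names are hypothetical, and using the proxy URL as the pattern with an ISSUER CN filter is an assumption based on the Chrome Enterprise policy format.

```shell
#!/bin/sh
# Added example: AutoSelectCertificateForUrls entry scoped to the token broker
# proxy. Function names are hypothetical; the values are constructed.
BROKER_URL='https://broker.example.test:8443'   # constructed placeholder
ISSUER_CN='Example Internal CA'                 # constructed placeholder
NL='
'

# Accept only the documented form https://{domain}:{port}. A bare "*", another
# scheme, a path, or a missing or out-of-range port is rejected.
valid_broker_url() {
  case $1 in *"$NL"*) return 1 ;; esac          # no embedded newlines
  printf '%s\n' "$1" |
    grep -Eq '^https://[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?:[0-9]{1,5}$' || return 1
  port=${1##*:}
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Print the JSON entry. $1 = token broker URL, $2 = CN of the issuing CA.
policy_entry() {
  valid_broker_url "$1" || { echo "rejected token broker URL: $1" >&2; return 1; }
  case $2 in
    ''|*'"'*|*'\'*) echo "issuer CN is empty or needs JSON escaping" >&2; return 1 ;;
  esac
  printf '{"pattern":"%s","filter":{"ISSUER":{"CN":"%s"}}}' "$1" "$2"
}

# macOS only: replace the policy array for one browser domain
# (com.google.Chrome or com.microsoft.Edge) with the single scoped entry.
apply_policy() {
  entry=$(policy_entry "$2" "$3") || return 1
  defaults write "$1" AutoSelectCertificateForUrls -array &&
    defaults write "$1" AutoSelectCertificateForUrls -array-add -string "$entry"
}

# Print the entry for review. To apply it on a Mac:
#   apply_policy com.google.Chrome "$BROKER_URL" "$ISSUER_CN"
policy_entry "$BROKER_URL" "$ISSUER_CN" && echo
```

After applying the entry, chrome://policy (or edge://policy) shows the value the browser actually loaded.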