Skip to main content

Configure browser extensions

Learn how to configure the Snow Atlas browser extension for SaaS. This requires local installations in your environment.

If you are looking for configuration of the agent-based browser extensions for SaaS, see Agent-based browser extensions.

Prerequisites

You must Create token broker registrations and Install token broker proxy before you can configure the browser extension.

To configure the browser extension, you need to prepare the following values:

  • MTLS client certificates to install your users' machines, with email address as unique identifier. For more information, see MTLS certificates.

  • The URL of your Snow Atlas instance

    It is located in Snow Atlas settings, on the License details page, on the General information tab. It is the API URL value.

  • The URL of your token broker proxy in the format: https://{domain}:{port}

    For more information, see Parameters required.

  • The browser extension ID: phedkgfibodcejnchpjemjnclicpamkp

    You can also find this ID in the extension details of an installed extension.

Procedure

These steps outline the respective configuration values for both Google Chrome and Microsoft Edge, on Windows and macOS respectively.

You are recommended to configure the browser extension before the installation in browsers. To make sure the installation and configuration happens in a timely manner, you are recommended to include them in a script and roll out the extension by policy, for example, with Microsoft Intune. Learn more about browser extension management in Google's documentation Managing Extensions in Your Enterprise.

The client certificates and the browser extensions must be configured and installed on the end users' devices in your organization.

  1. Install the client certificates, that have email address as unique identifier, to all users in your IT estate, unless already done.

  2. If you have users on Windows:

    1. In Windows registry, create the following path for the respective browsers:

      • Google Chrome: SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\phedkgfibodcejnchpjemjnclicpamkp\policy

      • Microsoft Edge: SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\phedkgfibodcejnchpjemjnclicpamkp\policy

    2. Add registry values in the respective registries:

      • Set atlasUrl key to the URL of your Snow Atlas instance.

      • Set tokenBrokerUrl key to the URL of your token broker proxy, in the format https://{domain}:{port}.

    3. In the respective created registries, select a new key and name it AutoSelectCertificateForUrls.

      For information on how to populate the values in the key, see Chrome Enterprise documentation . The pattern must point to your token broker proxy instance.

      • Google Chrome registry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome

      • Microsoft Edge registry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge

  3. If you have users on macOS:

    1. Create a chrome-extension.plist file using the template below, with one dict section for Google Chrome and for Microsoft Edge respectively, and enter the values as indicated below in the list.

      • {browser}: com.google.Chrome and com.microsoft.Edge respectively

      • {extension-id}: phedkgfibodcejnchpjemjnclicpamkp

      • {atlas-url}: the URL of your Snow Atlas instance

      • {token-broker-url}: the URL of your token broker proxy in the format https://{domain}:{port}

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
      <plist version="1.0">
          <dict>
              <key>{browser}.extensions.{extension-id}</key>
               <dict>
                  <key>atlasUrl</key>
                  <dict>
                      <key>state</key>
                      <string>always</string>
                      <key>value</key>
                      <string>{atlas-url}</string>
                  </dict>
                  <key>tokenBrokerUrl</key>
                  <dict>
                      <key>state</key>
                      <string>always</string>
                      <key>value</key>
                      <string>{token-broker-url}</string>
                  </dict>
              </dict>
          </dict>
      </plist>

    2. Run the following command, for Google Chrome and Microsoft Edge respectively, and substitute {admin-username} with a valid administrator username, and {chrome-extension.plist} with the path to the plist configuration created in Step 3.i of Procedure:

       dscl -u {admin-username} /Local/Default -mcximport /Computers/local_computer {chrome-extension.plist}
      tip

      If dscl complains that the path is invalid, you can create a node for the local computer with the following commands, replacing {admin-username} with the actual admin username:

      GUID=$(uuidgen)
      ETHER=$(ifconfig en0 | awk '/ether/ {print $2}')
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer RealName "Local Computer"
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer GeneratedUID $GUID
      dscl -u {admin-username} /Local/Default -create /Computers/local_computer ENetAddress $ETHER

    3. Run the following command, for Google Chrome and Microsoft Edge respectively, to propagate these changes immediately:

      sudo mcxrefresh -n {admin-username}

    4. To automatically select the certificate, add an AutoSelectCertificateForUrls policy, for Google Chrome and Microsoft Edge respectively.

      For information on how to populate the values in the key, see Chrome Enterprise documentation . The pattern must point to your token broker proxy instance.

      Update the ISSUER property to filter on your intended certificate.

      • For Google Chrome, run the following command:

        echo Enable autoselect for certificates
        defaults read com.google.Chrome | grep  '*' && echo "policy with * is already added, check if it's correct" || (defaults write com.google.Chrome AutoSelectCertificateForUrls -array && defaults write com.google.Chrome AutoSelectCertificateForUrls -array-add -string '{"pattern":"*","filter":{"ISSUER":{"C":"US"}}}')

      • For Microsoft Edge, run the following command:

        echo Enable autoselect for certificates
        defaults read com.microsoft.Edge | grep  '*' && echo "policy with * is already added, check if it's correct" || (defaults write com.microsoft.Edge AutoSelectCertificateForUrls -array && defaults write com.microsoft.Edge AutoSelectCertificateForUrls -array-add -string '{"pattern":"*","filter":{"ISSUER":{"C":"US"}}}')

  4. Install the browser extension to applicable browsers in your IT estate.

    The extension Snow SaaS app discovery and usage is available in Chrome Web Store .

For more information on what data the browser extension collects, see Data retrieved by the browser extension.