Installing Browser Protector on macOS Using Kandji
Deploy Protegrity Browser Protector remotely on macOS end-user devices Using Kandji.
Deploy Protegrity Browser Protector Extension Using Kandji
Follow these steps to configure and deploy the .mobileconfig files for the Protegrity Browser Protector policy using Kandji.
Testing .mobileconfig
- Test the
.mobileconfigfile on a single device before deploying it to a large number of devices. - If modifications are needed, edit the
.mobileconfigfile, re-upload it to Kandji, and reassign it to the blueprint.
Prepare the Browser Extension installation/update .mobileconfig File
- Use the
.mobileconfigfile below. Make sure to:- Replace
https://s3.region.amazonaws.com/s3-bucket-name/update.xmlwith the actual URL to a manifest.xml hosted on a private server.
- Replace
- Save the file with a recognizable name, such as
ProtegrityBrowserProtector.mobileconfig.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>com.protegrity.browserprotector.install</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadDisplayName</key>
<string>Protegrity Browser Protector Management</string>
<key>PayloadContent</key>
<dict>
<key>com.google.Chrome</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>ExtensionSettings</key>
<dict>
<!-- Protegrity Browser Protector Installation/Updates -->
<key>pty_extension_id</key>
<dict>
<key>installation_mode</key>
<string>normal_installed</string>
<key>update_url</key>
<string>https://s3.region.amazonaws.com/s3-bucket-name/update.xml</string>
<key>override_update_url</key>
<true/>
</dict>
</dict>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>Configuration for managing the Protegrity Browser Protector Chrome extension.</string>
<key>PayloadDisplayName</key>
<string>Protegrity Browser Protector Management</string>
<key>PayloadIdentifier</key>
<string>com.protegrity.browserprotector.install</string>
<key>PayloadOrganization</key>
<string>Protegrity Inc.</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Prepare the Browser Extension Configuration .mobileconfig File
- Use the
.mobileconfigfile below. Make sure to:- Replace
pty_extension_idwith the extension id. - Replace all placeholder values (e.g.,
app_registration_client_id,protector_endpoint_url, etc.) with configuration values recorded in pre-configuration chapter.
- Replace
- Save the file with a recognizable name, such as
ProtegrityBrowserProtectorSettings.mobileconfig.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>com.protegrity.browserprotector.settings</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadDisplayName</key>
<string>Protegrity Browser Protector Management</string>
<key>PayloadContent</key>
<dict>
<!-- Protegrity Browser Protector Configuration -->
<key>com.google.Chrome.extensions.pty_extension_id</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>ProtegrityBrowserProtector</key>
<dict>
<key>serviceEndpoint</key>
<dict>
<key>authentication</key>
<dict>
<key>type</key>
<string>oauth2</string>
<key>identityProvider</key>
<string>microsoft_entra_id</string>
<key>settings</key>
<dict>
<key>msal_api</key>
<dict>
<key>clientId</key>
<string>app_registration_client_id</string>
<key>authority</key>
<string>https://login.microsoftonline.com/app_registration_tenant_id</string>
</dict>
<key>scopes</key>
<array>
<string>app_registration_client_id/.default</string>
</array>
</dict>
</dict>
<key>url</key>
<string>protector_endpoint_url</string>
</dict>
<key>dataElements</key>
<array>
<dict>
<key>value</key>
<string>data_element_1</string>
<key>label</key>
<string>data_element_1_label</string>
</dict>
<dict>
<key>value</key>
<string>data_element_2</string>
<key>label</key>
<string>data_element_2_label</string>
</dict>
</array>
<key>adminContactInfo</key>
<dict>
<key>url</key>
<string>extension_admin_page_url</string>
<key>phone</key>
<string>extension_admin_phone</string>
<key>email</key>
<string>extension_admin_email</string>
</dict>
</dict>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>Configuration for managing the Protegrity Browser Protector Chrome extension.</string>
<key>PayloadDisplayName</key>
<string>Protegrity Browser Protector Management</string>
<key>PayloadIdentifier</key>
<string>com.protegrity.browserprotector.settings</string>
<key>PayloadOrganization</key>
<string>Protegrity Inc.</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Log In to Kandji
Visit the Kandji dashboard and log in with your administrative credentials.
Create a New Library Item
- Navigate to the Library section in the Kandji dashboard.
- Click Add New in the upper-right corner.
- Select Custom Profile from the list of options.
Upload the .mobileconfig Files
- In the Custom Profile section:
- Click Upload Profile.
- Select your
ProtegrityBrowserProtector.mobileconfigfile.
- Kandji will parse the
.mobileconfigfile and display its configuration details.
Review and Verify the Profile
- Carefully review the uploaded configuration:
- Ensure the
Payload Display Name,Payload Description, and other details match the intended configuration. - Confirm that the policy enforces the Protegrity Browser Protector settings correctly.
- Ensure the
- Click Save to save the profile.
Assign the Profile to a Blueprint
- Go to the Blueprints section in the Kandji dashboard.
- Select the blueprint for the devices you want to apply this policy to.
- Click Edit Blueprint.
- Scroll to the Custom Profiles section and click Add.
- Select the newly created Protegrity Browser Protector profile from the list.
- Click Save Changes to update the blueprint.
Deploy the Policy
- Devices assigned to the blueprint will automatically receive the new configuration the next time they check in with Kandji.
- To enforce the policy immediately:
- Go to the Devices section.
- Select a device assigned to the blueprint.
- Click Sync Device to push the updated configuration.
Verify Policy Deployment
- On a target device, open System Preferences > Profiles to confirm the new configuration profile (
Protegrity Browser Protector Management) is installed. - Open Google Chrome on the device and confirm:
- The Protegrity Browser Protector extension is installed.
- The enforced settings (OAuth2 authentication, service endpoint, etc.) are applied.
Optional: Monitor Compliance
- Navigate to the Devices section in Kandji to view the compliance status.
- Look for any deployment errors or issues and resolve them as necessary.
Feedback
Was this page helpful?