Set Up Configuration File for Browser Protector

Prepare configuration JSON with Browser Protector Settings.

Configuring the Protegrity Browser Protector

The Protegrity Browser Protector can be customized and managed using a configuration file in JSON format distributed via MDM tools described in the installation chapters. The configuration file defines key settings, such as the service endpoint for tokenization, authentication service configuration, the data elements to be used to protect clear text values as well as administrative contact information display in the Browser Protector Extension.

Configuration File Overview

Below is an example configuration file for the Protegrity Browser Protector:

{
  "serviceEndpoint": {
    "authentication": {
      "type": "oauth2",
      "identityProvider": "microsoft_entra_id",
      "login_email_or_domain_hint": "",
      "settings": {
        "msal_api": {
          "clientId": "app_registration_client_id",
          "authority": "https://login.microsoftonline.com/app_registration_tenant_id"
        },
        "scopes": [
          "app_registration_client_id/.default"
        ]
      }
    },
    "url": "protector_endpoint_url"
  },
  "dataElements": [
    {
      "value": "data_element_1",
      "label": "data_element_1_label"
    },
    {
      "value": "data_element_2",
      "label": "data_element_2_label"
    }
  ],
  "adminContactInfo": {
    "url": "extension_admin_page_url",
    "phone": "extension_admin_phone",
    "email": "extension_admin_email"
  }
}

Summary Table of Placeholder Values

After completing all steps in pre-configuration chapter, you should have the following values recorded.

ParameterDescriptionExample Value
app_registration_client_idClient ID of the app registration.12345-abcde-67890-fghij
app_registration_tenant_idTenant ID of the organization in Microsoft Entra ID.abcdef12-3456-7890-abcd-ef1234567890
login_email_or_domain_hintLogin Email or Domain Name hint - used during Oauth single sign-on

Possible Values

  • Domain name (e.g., domain.com)
  • Login email (e.g., user@domain.com)

Platform-Specific Behavior

Windows

Optional. While not required, providing this value improves the login experience by eliminating the need to select an account, particularly when users are signed into multiple accounts.

MacOS

Required. Essential when users are signed into multiple accounts. Due to macOS popup window behavior (popups close when new windows appear), a login/domain hint must be provided during the single sign-on process.

protector_endpoint_urlURL of the Cloud Protegrity service API endpoint.
AWS: https://{ApiGatewayId}.execute-api.{Region}.amazonaws.com/pty
GCP: https://{region}-{project-name}.cloudfunctions.net/{function-name}/api
Azure: https://{function-name}.azurewebsites.net/api/v1/unprotect?code={appKey}
dataElementsList of data elements configured on ESA for Cloud API on AWS.
  • Value: Unique name identifying the data element.
  • Label: An alternate name shown in the UI to help users identify the data element.

    • For more information on how it is displayed in the UI, refer to the
"dataElements": [
		{
			"value": "deName",
			"label": "Unprotect First Name"
		},
		{
			"value": "deAddress",
			"label": "Unprotect Address"
		}
	]
extension_admin_page_urlURL to the administrator's support page.https://support.your-organization.com/
extension_admin_phonePhone number for administrator support.+1-800-123-4567
extension_admin_emailEmail address for administrator support.admin@protegrity.com

Last modified : January 13, 2026