Pre-Configuration on

Extension Source Code

Mon, 01 Jan 0001 00:00:00 +0000

Setting up the Browser Protector Extension For Distribution

Before deploying the Protegrity Browser Protector extension in your organization, you must set up the extension source code for secure distribution. This involves signing the extension and packaging it into a .crx file, which can then be distributed to users or deployed via MDM tools like Microsoft Intune.

Signing the extension ensures its integrity and authenticity, allowing browsers to verify that the extension has not been tampered with and originates from a trusted source. Packaging the extension into a .crx file makes it suitable for enterprise distribution and deployment.

Host Extension On Private Server

Mon, 01 Jan 0001 00:00:00 +0000

Prepare the .crx File

Ensure you have the .crx file for Protegrity Browser Protector extension. If you haven’t created one yet, follow the steps in the Extension Source Code section.

Set Up HTTPS File Hosting

HTTPS File hosting service is required to host the .crx file. This can be any web server, such as, Apache, Nginx, or a cloud storage service.

Set Up an Amazon S3 Bucket

Create a new S3 bucket:

Entra ID Configuration

Mon, 01 Jan 0001 00:00:00 +0000

Configuring Entra ID Single Sign-On (SSO) for Protegrity Browser Protector

To enable SSO using Microsoft Entra ID, formerly Azure AD, for the Protegrity Browser Protector extension, follow the steps below.

Create a New App Registration

Log in to the Microsoft Entra Admin Center.
Navigate to App registrations > New registration.
Provide the following details for the new app:
- Name: Enter a name for the app, for example, Protegrity Browser Protector.
- Supported account types: Choose the account type suitable for your organization. For example, accounts in this organizational directory only.
- Redirect URI: Leave this blank for now; you will configure it in a later step.
Click Register to create the app registration.
After registration, copy the app_registration_client_id and app_registration_tenant_id displayed on the app overview page. You’ll need these IDs for configuration in Set Up Configuration File for Browser Protector.

Add Redirect URI for Single-Page Application

Log in to the Microsoft Entra Admin Center.
In the app registration overview, navigate to the Authentication tab.
Under Platform configurations, click Add a platform.
Select Single-page application from the list.
Add a new Redirect URI with the following format:
- Format: https://pty_extension_id.chromiumapp.org
- Example: https://epfnbngoodhmbeepjlcohfacgnbhbhah.chromiumapp.org/
- Replace pty_extension_id with extension id recorded in Extension Source section.
Scroll down and set the Logout URL to the same URI:
- Example: https://epfnbngoodhmbeepjlcohfacgnbhbhah.chromiumapp.org/
Click Save to apply the changes.

Finalize Authentication Settings

In the Microsoft Entra Admin Center, ensure that:
- Access tokens and ID tokens are enabled in the Implicit grant and hybrid flows section.
- Redirect URIs are correctly configured.
Save the changes.

Set Up Configuration File for Browser Protector

Mon, 01 Jan 0001 00:00:00 +0000

Configuring the Protegrity Browser Protector

The Protegrity Browser Protector can be customized and managed using a configuration file in JSON format distributed via MDM tools described in the installation chapters. The configuration file defines key settings, such as the service endpoint for tokenization, authentication service configuration, the data elements to be used to protect clear text values as well as administrative contact information display in the Browser Protector Extension.

Configuration File Overview

Below is an example configuration file for the Protegrity Browser Protector: