All pages
Powered by GitBook
1 of 17

Browser Extension (KeeperFill)

KeeperFill makes it easy to login, save passwords and access your vault on web browsers.

Overview

The KeeperFill browser extension can be installed directly by the user or pushed to users by the Keeper administrator.

Direct Install from App Stores

The latest KeeperFill Browser Extension can be installed by users at the links below, or by visiting the Keeper download page. Chrome, Brave, Opera and other Chromium-based Browsers: https://chrome.google.com/webstore/detail/keeper%C2%AE-password-manager/bfogiafebfohielmmehodmfbbebbbpei Firefox: https://addons.mozilla.org/en-US/firefox/addon/keeper-password-manager/ Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/keeper%C2%AE-password-manager-/lfochlioelphaglamdcakfjemolpichk

Safari: https://apps.apple.com/us/app/keeper-for-safari/id6444685332

Admin Deployment

Chrome, Edge and Firefox deployment guides are linked below:

Deployment with MDM Platforms

For environments where devices are managed through platforms such as Microsoft Intune or Jamf.

Offline / Direct Downloads

If your group policy does not support installation of extensions, your SCCM administrator may be able to use the below links to push the extensions or directly:

Direct package install is not recommended for most environments. Using app store management portals such as Google Admin are preferred.

End-User Guides

User guides are available for every web browser at the links below:

Mac

Deploying KeeperFill to macOS devices using device management platforms

MDM Deployment for macOS

Follow these steps to deploy KeeperFill to all Mac devices in your organization using your preferred device management platform.

To set up KeeperFill on Mac, you create configuration files in MCX Property List (.plist) format. When you deploy the configuration files to the device using your preferred mobile device management (MDM) tool, the settings are applied.

These procedures are a General Guide and assume that you have already deployed the Chrome Browser within your organization.

Overview of steps

  1. Use your preferred editor to create the Keeper .plist policy file.

  2. Set up KeeperFill browser extensions.

  3. Push the configuration files to all macOS devices in your organization using your preferred mobile device management (MDM) tool.

PLIST (.plist) Policy Deployment

Deploying KeeperFill to Chrome via PLIST Policy

Deploying Keeper Chrome Browser Extension via PLIST Policy

Create a Keeper plist policy configuration file

If you currently do not have a Policy file created, please proceed to creating your Keeper plist policy file to your desired location, Ex: /tmp and name it com.google.Chrome.plist by selecting GO on the top Menu Bar of you MacOS Desktop and select Terminal to open a Terminal Console.

MacOS Terminal Utility

Copy and paste the contents below, into your Terminal, and hit Enter / Return. This will create your plist file within the /tmp directory and display that the file is there.

cd /tmp
touch com.google.Chrome.plist
ls -la
plist file creation

In your preferred file editor or basic file editor, copy, paste and save the contents, below, into the com.google.Chrome.plist file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>ExtensionSettings</key>
		<dict>
			<key>bfogiafebfohielmmehodmfbbebbbpei</key>
			<dict>
				<key>installation_mode</key>
				<string>force_installed</string>
				<key>update_url</key>
				<string>https://clients2.google.com/service/update2/crx</string>
			</dict>
		</dict>
                <key>ExtensionPolicies</key>
		<!-- Chrome policies should be outside of ExtensionSettings -->
		<key>PasswordManagerEnabled</key>
		<false/>
		<key>AutofillCreditCardEnabled</key>
		<false/>
		<key>AutofillAddressEnabled</key>
		<false/>
	</dict>
</plist>

Deploying your PLIST Policy

There are multiple tools to deploy your PLIST policy. In the next set on instructions, we will walk through deploying your PLIST policy file via Jamf Pro, AirWatch and Microsoft Intune.

Jamf Pro Policy Deployment - Chrome

Deploying Custom Configuration Profiles using Jamf Pro

Deploying Google Chrome PLIST (.plist) Policy using Jamf Pro

This is a general overview of how to deploy Google Chrome's .plist configuration profile, to computers within your organization, using Jamf Pro.

Upload Created PLIST File

Upload the manually created Google Chrome PLIST file that defines the properties for the preference domain you specify in Jamf Pro.

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Configuration Profiles.

  4. Click New.

  5. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.

  6. Click the Application & Custom Settings payload, and then click Upload.

  7. Click Add.

  8. Enter com.google.Chrome in the Preference Domain field.

  9. To upload the custom PLIST file choose Upload File, enter the preference domain for which you want to set properties. Click Upload PLIST File, and then choose the com.google.Chrome.plist file previously created.

Note: If the PLIST file contains formatting errors, follow the PLIST (.plist) Policy Deployment instructions to remediate the issue.

10. Click the Scope tab, and then configure the scope of the configuration profile. 11. Click Save.

Jamf Pro Configuration Profile

Microsoft Intune Policy Deployment - Chrome

Deploying Custom Configuration Profiles using Microsoft Intune

Deploying Google Chrome PLIST (.plist) Policy using Microsoft Intune

This is a general overview of how to deploy Google Chrome .plist configuration profile, to computers within your organization, using Microsoft Intune.

Create the Google Chrome profile

  1. Sign in to the Microsoft Endpoint Manager admin center.

  2. Select Devices > Configuration profiles > Create profile.

  3. Enter the following properties:

    • Platform: Select macOS

    • Profile: Select Preference file.

  4. Select Create.

5. In Basics, enter the following properties:

  • Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name is macOS: Add preference file that configures Google Chrome on devices.

  • Description: Enter a description for the policy. This setting is optional, but recommended.

6. Select Next.

7. In Configuration settings, configure your settings:

  • Preference domain name: Enter the bundle ID as com.google.Chrome

  • Property list file: Select the property list file associated with your app. Be sure to choose the com.google.Chrome.plist file previously created.

The key information in the property list file is shown. If you need to change the key information, open the list file in another editor, and then re-upload the file in Intune.

Note: Be sure your file is formatted correctly. The file should only have key value pairs, and shouldn't be wrapped in <dict>, <plist>, or <xml> tags. If the PLIST file contains formatting errors, follow the PLIST (.plist) Policy Deployment instructions to remediate the issue.

8. Select Next.

9. In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-IL IT Team or Chicago_ITDepartment. For more information about scope tags, see Use RBAC and scope tags for distributed IT.

10. Select Next.

11. In Assignments, select the users or groups that will receive your profile. For more information on assigning profiles, see Assign user and device profiles.

12. Select Next.

13. In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.

Assign the Google Chrome profile

  1. Select Devices > Configuration profiles. All the profiles are listed.

  2. Select the profile you want to assign > Properties > Assignments > Edit:

    Select assignments to deploy the profile to users and groups in Microsoft Intune and Endpoint Manager

  3. Select Included groups or Excluded groups, and then choose Select groups to include. When you select your groups, you're choosing an Azure AD group. To select multiple groups, hold down the Ctrl key, and select your groups.

  4. Select Review + Save. This step doesn't assign your profile.

  5. Select Save. When you save, your profile is assigned. Your groups will receive your profile settings when the devices check in with the Intune service.

Include or exclude users and groups when assigning or deploying a profile in Microsoft Intune and Endpoint Manager.

Use scope tags or applicability rules

When you create or update a profile, you can also add scope tags and applicability rules to the profile.

Scope tags are a great way to filter profiles to specific groups, such as US-IL IT Team or Chicago_ITDepartment. For more information about scope tags, see Use RBAC and scope tags for distributed IT.

Linux

Deploying KeeperFill to Linux devices using device management platforms

Set up KeeperFill on Linux

Follow these steps to deploy KeeperFill to all Linux devices in your organization using your preferred deployment tool or script.

To set up KeeperFill on Linux, you create configuration files in JavaScript Object Notation (.json) format.

These procedures are a General Guide and assume that you have already deployed the Chrome Browser within your organization.

Overview of steps

  1. Use your preferred editor to create the Keeper JSON policy file.

  2. Set up KeeperFill browser extensions.

  3. Push the configuration files to all Linux PCs in your organization using your preferred deployment tool or script.

JSON Policy Deployment - Chrome

Deploying KeeperFill via JSON Policy

Deploying Keeper Chrome Browser Extension via JSON Policies

Step 1: Create a Keeper JSON policy configuration file

  1. If you currently do not have JSON Policy files created in which you want to utilize to deploy the Keeper Browser extension to all PCs in your organization, please proceed to creating your Keeper JSON policy file to your desired location, Ex: /tmp, and name it keeperbe.json

Creating keeperbe.json file via Linux GUI

OR create your keeperbe.json file via command-line

cd /tmp
touch keeperbe.json

2. In your preferred JSON file editor or basic file editor, copy, paste and save the contents, below, into the keeperbe.json file or the policy file in which you currently utilize for your organization.

{
  "ExtensionSettings": {
    "bfogiafebfohielmmehodmfbbebbbpei": {
      "installation_mode": "force_installed",
      "update_url":
        "https://clients2.google.com/service/update2/crx"
    },
  }
}

Step 2: Setup configuration folders

If you currently have configuration folders setup for the user PCs in your organization, proceed to Step 3: Deploying the Keeper JSON Policy File.

On each PC, in your organization, that you would like to apply this policy on, you’ll need at least one folder to apply this policy.

  1. If it does not already exist, create the directory structure, verbatim, as follows; /etc/opt/chrome/policies/managedand set the proper permissions for that directory.

Creating managed policy directory via Linux GUI

OR create your directory structure via command-line

mkdir /etc/opt/chrome/policies/managed
chmod -w /etc/opt/chrome/policies/managed

The creation of this directory will most likely NOT be in the same directory as where Chrome is installed on the target Linux devices. Ex: My Chrome installed directory is /opt/google/chrome but my managed policy directory, in which my organization manages my Chrome install, is in the /etc/opt/chrome/policies/managed directory.

Step 3: Deploying the Keeper JSON Policy File

Use your preferred method (utility or script) to push the keeperbe.json policy file and Chrome Browser to the target Linux devices in your organization.

  • Push the keeperbe.json file to the /etc/opt/chrome/policies/managed directory on all target Linux devices in your network.

  • Confirm that the files are in the correct directories on all the target Linux devices.

Step 4: Check Your Chrome Policies

On a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied.

Successful KeeperFill Chrome Forced Install

You may need to select "Reload Policies" to apply this new policy to the target Linux devices.

Reload Chrome Policies

You may need to close and reopen Google Chrome before the new policies appear.

Windows

Deploying KeeperFill to Windows devices using device management platforms

There are many options to deploy the Keeper Browser Extension (KeeperFill) to browsers on Windows machines including Group Policy, SCCM and Intune.

Sample reference guides are linked below:

Group Policy Deployment - Chrome

Deploying KeeperFill via Group Policy

Deploying Keeper Chrome Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Google Chrome templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Chrome Policy Templates

On your domain controller, navigate to the URL, provided below, and download the correct 32 or 64 bit zip bundle. Extract the Google Chrome bundle to your desired location. Ex: C:\temp

https://chromeenterprise.google/browser/download

  1. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.admx file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx directory to C:\Windows\PolicyDefinitions OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx directory to C:\Windows\PolicyDefinitions

  2. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.adml file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Chrome Policy

  1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Chrome Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

Creating a new Policy

2. Name the policy something relevant. Ex: “Chrome Policy

Policy Name

3. Once created, right click the new policy and select Edit.

Editing a Group Policy

4. Expand out Chrome Policy -> Computer Configuration -> Policies -> Administrative Templates -> Google Chrome -> Extensions then Right click and Edit the “Configure the list of force-installed apps and extensions

If this Policy will apply to Users instead of Computers, the Edge Policies you will be expanding will be located under User Configuration -> Policies -> Administrative Templates -> Google Chrome

Configure Forced Installed Extensions

5. Tick the Enable button, and then click the Show button.

Show Forced Extensions

6. Add the following text and click OK.

bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx
Extension Policy

7. Click Apply, and then click OK

8. Disable Chrome's Built-In Password Manager by navigating to Google Chrome -> Password manager and then Right click and Edit the “Enable saving passwords to the password manager

Disabling Chrome Built-In Password Manager

9. Tick the "Disabled" button, and then click Apply, and then click OK.

Disabled Chrome Password Manager

10. Following the same process as steps 8 - 9, direct within Google Chrome Administrative Templates Policy definitions, Disable Chrome's AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

Disable Chrome"s AutoFill Capabilities

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Google Chrome Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

Developer Tools Policy
Disallow Developer Tools

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users, and select Link an Existing GPO.

Link Forced Installed Extension to PCs

13. Select the “Chrome Policy” and click “OK

Chrome Policy Object

If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.

For any PC within that OU, the “Chrome Policy” will automatically install the Keeper Security Browser Extension, if Chrome is installed on those PCs as well as disable Chrome's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Chrome Policies

On a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

Chrome Polices

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

gpupdate /force

You may need to close and reopen Google Chrome before the new policies appear.

Group Policy Deployment - Firefox

Deploying KeeperFill via Group Policy

Deploying Keeper Firefox Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Firefox Policy Templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Firefox Policy Templates

On your domain controller, download the zip file and extract the Firefox Policy Template file to your desired location. Ex: C:\temp

https://github.com/mozilla/policy-templates/releases

Step 2: Adding Firefox .admx and .adml files to Group Policy

  1. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.admx file located within the \policy_templates_v.(version)\windows directory to C:\Windows\PolicyDefinitions

  2. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.adml file located within the \policy_templates_v.(version)\windows\en-US directory to C:\Windows\PolicyDefinitions\en-US

NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Firefox Policy

  1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Firefox Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

Creating a new Policy

2. Name the policy something relevant. Ex: "Firefox Policy”

Policy Name

3. Once created, right click the new policy and select Edit.

Editing a Group Policy

4. Expand out Firefox Policy -> Computer Configuration -> Policies -> Administrative Templates -> Firefox -> Extensions then Right click and Edit the “Extensions to Install”

Configure Forced Installed Extensions

5. Tick the Enable button, and then click the Show button.

Enabling Forced Extensions

6. Add the full hyperlink to the Add-on from Mozilla, like below:

Text to be added:
https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi
Adding Keeper Browser Extension App ID

7. Click Apply, and then click OK

Applying the Forced Installed Extension

8. Now proceed to right clicking and Edit the “Prevent extensions from being disabled or removed”

Prevent Keeper Browser Extension Removal

9. Add the URL again from Step 6 above in the value field.

Adding Keeper Browser Extension App ID

10. Click Apply, and then click OK

Applying the Prevent Installed Extension Removal

11. Disable the Firefox Built-In Password Manager by navigating direct within Firefox Administrative Templates Policy definitions and then Right click and edit both the Offer to save logins and Offer to save logins (default) and set to Disabled, Click Apply and then OK.

Firefox AutoFill Capabilities Policies
Disable Firefox AutoFill Capabilities

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, and select Link an Existing GPO.

Link Forced Installed Extension to PCs

13. Select the “Firefox Policy” and click “OK”

Firefox Policy Object

If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.

For any PC within that OU, the “Firefox Policy” will automatically install the Keeper Security Browser Extension, if Firefox is installed on those PCs as well as disable Firefox's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Firefox Policies

On a target client device, open Firefox and navigate to about:policies to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

Successful KeeperFill Firefox Forced Install

You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

gpupdate /force

You may need to close and reopen Firefox before the new policies appear.

Group Policy Deployment - Edge

Deploying KeeperFill via Group Policy

Deploying Keeper Edge Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Microsoft Edge templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Edge Policy Templates

  1. On your domain controller, go to the Microsoft Edge Enterprise landing page to download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab), by clicking on "Get Policy Files" and extract the contents to your desired location. Ex: C:\temp

https://www.microsoft.com/en-us/edge/business/download
Download Policy Files

Please select and download the correct files in accordance to your organizations environment and preferences.

Accept Privacy Statement

2. Browse to the directory in which you saved the downloaded MicrosoftEdgePolicyTemplates.zip file. Extract the contents of the MicrosoftEdgePolicyTemplates.zip file to your desired location. Ex: C:\temp

Microsoft Edge Policy Template Initial Zip file

Step 2: Adding Edge .admx and .adml files to Group Policy

  1. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.admx file located within the \windows\admx directory to C:\Windows\PolicyDefinitions

  2. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.adml file located within the \windows\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Edge Policy

  1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Edge Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

Creating a new Policy

2. Name the policy something relevant. Ex: “Edge Policy”

Policy Name

3. Once created, right click the new policy and select Edit.

Editing a Group Policy

4. Expand out Edge Policy -> Computer Configuration -> Policies -> Administrative Templates -> Microsoft Edge -> Extensions then Right click and Edit the “Control which extensions are installed silently

If this Policy will apply to Users instead of Computers, the Edge Policies you will be expanding will be located under User Configuration -> Policies -> Administrative Templates -> Microsoft Edge.

Configure Forced Installed Extensions

5. Tick the Enable button, and then click the Show button.

Enabling Forced Extensions

6. Add the following text and click OK.

lfochlioelphaglamdcakfjemolpichk;https://edge.microsoft.com/extensionwebstorebase/v1/crx
Adding Keeper Browser Extension App ID

7. Click Apply, and then click OK

Applying the Forced Installed Extension

8. Disable Edge's Built-In Password Manager by navigating to Microsoft Edge -> Password manager and protection and then Right click and Edit the “Enable saving passwords to the password manager”

Disabling Edge Built-In Password Manager

9. Tick the "Disabled" button, and then click Apply, and then click OK.

Disabled Edge Password Manager

10. Following the same process as steps 8 - 9, directly within Microsoft Edge Administrative Templates Policy definitions, Disable the Edge AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

Disable Edge AutoFill Capabilities

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Microsoft Edge Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

Developer Tools Policy
Disallow Developer Tools

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users and select Link an Existing GPO.

Link Forced Installed Extension to PCs

13. Select the “Edge Policy” and click “OK

Edge Policy Object

If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.

For any PC or User within that OU, the “Edge Policy” will automatically install the Keeper Security Browser Extension, if Edge is installed on those PCs, as well as disable the Edge browser, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Edge Policies

On a target client device, open Microsoft Edge and navigate to edge://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

Edge Policies

You can also check your extension by navigating to edge://extensions and ensuring your extensions are being forcefully installed.

Forced Keeper Browser Extension Installed

You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

gpupdate /force

You may need to close and reopen Microsoft Edge before the new policies appear.

SCCM Deployment - Chrome

This page describes how to deploy the Keeper Browser Extension with SCCM

Deploying Keeper Chrome Browser Extension via SCCM

This is a general guide in which describes how to utilize SCCM, against Google Chrome templates, to deploy the Keeper Browser extension to all desired PCs in your organization.

Step 1: Configuration Item

Create a new Configuration Item. This can be done within the Configuration Manager console, in the Assets and Compliance work space. Give it a suitable name, like Keeper Browser Extension, and click Next.

Configuration Wizard

Step 2: Platform Selection

Select the appropriate platforms in which this Configuration will apply to and click Next.

Select Your Desired Platforms / Operating Systems

Step 3: Create New Settings Configuration

Create a new settings configuration by clicking New.

New Settings Configuration

Configure the new settings, as shown below, and click OK.

  • Name: ExtensionInstallForcelist

  • Description: Keeper Browser Extension

  • Key Name: Software\Policies\Google\Chrome\ExtensionInstallForcelist

  • Value Name: 1 This number is unique. Are you planning on adding other extensions this way, these should be added as 1, 2, 3 and so forth

New Settings Configuration

Step 4: Create New Compliance Rule

Now click on the "Compliance Rules" tab and click on New.

Compliance Rule

Configure the new compliance rules, as shown below, and click OK.

  • Name: Keeper Security Extension Compliance Rule

  • Description: Keeper Browser

  • Within the "the following values:" field, add the value "bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx" without the quotes.

  • Tick ON Remediate noncompliant rules when supported and Report noncompliance if this setting instance is not found

New Compliance Rules Configuration

Click OK to create the new compliance rule.

Click Close to finish the new configuration item wizard.

Configuration Wizard Complete

Step 5: Configuration Baseline

In order to deploy this Configuration item, you need a baseline unless you have an existing baseline you would rather use.

If you have an existing baseline you would rather use, proceed to ?.

Create a new Configuration Baseline in the Configuration Manager console, in the Asset and Compliance work space. Give it a suitable name and click Add > Configuration Item.

Create Configuration Baseline

Add your newly created Keeper Browser Extension Configuration Item, shown within the Available Configuration Items pane and click OK.

Add Keeper Browser Extension Configuration Item

Finish creating the new Configuration Baseline by clicking on OK.

Complete New Configuration Baseline

Step 6: Deployment

Finally!!!! The Configuration Baseline containing the Keeper Browser Extension Configuration Item needs to be deployed. When deploying a baseline, remember to tick ON the Remediate noncompliant rules when supported. Also, consider how often the compliance should be evaluated. For ex: Group policies updates, by default, every 90 minutes. If this is replacing a GPO, consider to lower the policies update interval. Click OK to complete the configuration baseline.

Step 7: End user experience

Once the SCCM client has updated its policies, per device, and the Configuration Baseline has run, on a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

SCCM Google Chrome Extension Policies

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

Forced Chrome Keeper Browser Extension.

Intune - Chrome

Deploy the Keeper browser extension to Google Chrome using Microsoft Intune

(1) Go to the Intune Portal

(2) In the portal, navigate to Devices > Configuration.

(3) Select Manage Devices > Configuration

(4) On the Policies tab, click Create > New Policy.

New Policy

(5) Under Platform, select Windows 10 and later.

(6) Under Profile Type, choose Settings Catalog, then click Create.

(7) On the next screen, enter a Name for the configuration profile and an optional Description, then click Next.

(8) In the Configuration Settings tab, select + Add settings.

(9) Search for Google, then select Configure the list of force-installed apps and extensions.

(10) Enable Configure the list of force-installed apps and extensions, then paste the following on separate lines: Line 1 : bfogiafebfohielmmehodmfbbebbbpei

Line 2 : https://clients2.google.com/service/update2/crx

(11) In the Scope Tags section, click + Select scope tags and enter any applicable tags.

(12) In the Assignments section, add groups then click Next.

(13) Review the configuration settings, then click Create to finalize.

(14) Navigate back to “Devices | Configuration” > Hit Refresh

(15) Your newly Created Policy Name will then be listed

The policy is now active. If a plan member has not yet enrolled with Intune, they will be prompted to do so upon signing in to a managed device. Once enrolled, the Keeper browser extension will be installed automatically.

Intune - Edge

Deploy the Keeper browser extension to Microsoft Edge using Microsoft Intune

(1) Go to the Intune Portal

(2) In the portal, navigate to Devices > Configuration.

(3) Select Manage Devices > Configuration

(4) On the Policies tab, click Create > New Policy.

(5) Under Platform, select Windows 10 and later.

(6) Under Profile Type, choose Settings Catalog, then click Create.

(7) On the next screen, enter a Name for the configuration profile and an optional Description, then click Next.

(8) In the Configuration Settings tab, select + Add settings.

(9) Search for Edge, then select Configure the list of force-installed apps and extensions.

(10) Enable Configure the list of force-installed apps and extensions, then paste the following on separate lines: Line 1 : lfochlioelphaglamdcakfjemolpichk

Line 2 : https://edge.microsoft.com/extensionwebstorebase/v1/crx

(11) In the Scope Tags section, click + Select scope tags and enter any applicable tags.

(12) In the Assignments section, add groups then click Next.

(13) Review the configuration settings, then click Create to finalize.

(14) Navigate back to “Devices | Configuration” > Hit Refresh

(15) Your newly Created Policy Name will then be listed

The policy is now active. If a plan member has not yet enrolled with Intune, they will be prompted to do so upon signing in to a managed device. Once enrolled, the Keeper browser extension will be installed automatically.

Edge Settings Policy

Configuration settings for Edge Browser Extension

The behavior and settings of the Microsoft Edge extension can be customized through the ExtensionSettings policy on Microsoft Windows devices.

Please see the below link to learn about the various settings can be applied:

LogoDetailed guide to the ExtensionSettings policydocsmsft

Chrome Settings Policy

Configuration settings for Chrome Browser Extension

The behavior and settings of the Chrome extension can be customized through the ExtensionSettings policy on Windows, Mac and Linux.

Please see the below link to learn about the various settings can be applied:

LogoConfigure ExtensionSettings policy - Google Chrome Enterprise Help

Virtual Machine Persistence

Persisting KeeperFill settings on virtualized desktops

Overview

Some customers virtualize their workforce desktops with tools like VMware or Citrix. For the KeeperFill extension to function properly on such desktops, certain directories may need to be persisted.

This applies to the extensions for Chrome and Edge. For each, three directories within the user's home directory must be persisted, as listed below.

Extension ID

Some directory paths refer to an <Extension-ID>. Where the ID is referred to, you can opt to persist the entire parent directory, or you can find the ID in the table below.

For Chrome, the ID may be either of the Chrome IDs listed. For Edge, the ID may be either of the Edge IDs listed; or, if you installed on Edge using the Chrome Web store, the ID will be one of the two Chrome IDs.

Browser
Extension ID

Edge

lfochlioelphaglamdcakfjemolpichk OR mpfckamfocjknfipmpjdkkebpnieooca

Chrome / Edge

bfogiafebfohielmmehodmfbbebbbpei OR kbedblbpfmeicfpadihimgombbafaeeh

Edge Locations

The following three directories should be persisted when using the Edge extension.

Extension Installation:

C:\Users\%username%\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\<Extension-ID>

Indexed DB:

C:\Users\%username%\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\chrome-extension_<Extension-ID>

Storage:

C:\Users\%username%\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\<Extension-ID>

Chrome Locations

The following three directories should be persisted when using the Chrome extension.

Extension Installation:

C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\Extensions\<Extension-ID>

Indexed DB:

C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_<Extension-ID>

Storage:

C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\<Extension-ID>