Deploying Keeper Chrome Browser Extension via PLIST Policy

Create a Keeper plist policy configuration file

If you currently do not have a Policy file created, please proceed to creating your Keeper plist policy file to your desired location, Ex: /tmp and name it com.google.Chrome.plist by selecting GO on the top Menu Bar of you MacOS Desktop and select Terminal to open a Terminal Console.

Copy and paste the contents below, into your Terminal, and hit Enter / Return. This will create your plist file within the /tmp directory and display that the file is there.

cd /tmp
touch com.google.Chrome.plist
ls -la

In your preferred file editor or basic file editor, copy, paste and save the contents, below, into the com.google.Chrome.plist file.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>ExtensionSettings</key>
		<dict>
			<key>bfogiafebfohielmmehodmfbbebbbpei</key>
			<dict>
				<key>installation_mode</key>
				<string>force_installed</string>
				<key>update_url</key>
				<string>https://clients2.google.com/service/update2/crx</string>
			</dict>
		</dict>
                <key>ExtensionPolicies</key>
		<!-- Chrome policies should be outside of ExtensionSettings -->
		<key>PasswordManagerEnabled</key>
		<false/>
		<key>AutofillCreditCardEnabled</key>
		<false/>
		<key>AutofillAddressEnabled</key>
		<false/>
	</dict>
</plist>

Deploying your PLIST Policy

There are multiple tools to deploy your PLIST policy. In the next set on instructions, we will walk through deploying your PLIST policy file via Jamf Pro, AirWatch and Microsoft Intune.

Deploying Google Chrome PLIST (.plist) Policy using Jamf Pro

This is a general overview of how to deploy Google Chrome's .plist configuration profile, to computers within your organization, using Jamf Pro.

Upload Created PLIST File

Upload the manually created Google Chrome PLIST file that defines the properties for the preference domain you specify in Jamf Pro.

1. Log in to Jamf Pro.

2. Click Computers at the top of the page.

3. Click Configuration Profiles.

4. Click New.

5. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.

6. Click the Application & Custom Settings payload, and then click Upload.

7. Click Add.

8. Enter com.google.Chrome in the Preference Domain field.

9. To upload the custom PLIST file choose Upload File, enter the preference domain for which you want to set properties. Click Upload PLIST File, and then choose the com.google.Chrome.plist file previously created.

10. Click the Scope tab, and then configure the scope of the configuration profile. 11. Click Save.

Deploying Google Chrome PLIST (.plist) Policy using Microsoft Intune

This is a general overview of how to deploy Google Chrome .plist configuration profile, to computers within your organization, using Microsoft Intune.

Create the Google Chrome profile

1. Sign in to the Microsoft Endpoint Manager admin center.

2. Select Devices > Configuration profiles > Create profile.

3. Enter the following properties:

   • Platform: Select macOS

   • Profile: Select Preference file.

4. Select Create.

5. In Basics, enter the following properties:

• Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name is macOS: Add preference file that configures Google Chrome on devices.

• Description: Enter a description for the policy. This setting is optional, but recommended.

6. Select Next.

7. In Configuration settings, configure your settings:

• Preference domain name: Enter the bundle ID as com.google.Chrome

• Property list file: Select the property list file associated with your app. Be sure to choose the com.google.Chrome.plist file previously created.

The key information in the property list file is shown. If you need to change the key information, open the list file in another editor, and then re-upload the file in Intune.

8. Select Next.

9. In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as US-IL IT Team or Chicago_ITDepartment. For more information about scope tags, see Use RBAC and scope tags for distributed IT.

10. Select Next.

11. In Assignments, select the users or groups that will receive your profile. For more information on assigning profiles, see Assign user and device profiles.

12. Select Next.

13. In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.

Assign the Google Chrome profile

1. Select Devices > Configuration profiles. All the profiles are listed.

2. Select the profile you want to assign > Properties > Assignments > Edit:

   

3. Select Included groups or Excluded groups, and then choose Select groups to include. When you select your groups, you're choosing an Azure AD group. To select multiple groups, hold down the Ctrl key, and select your groups.

4. Select Review + Save. This step doesn't assign your profile.

5. Select Save. When you save, your profile is assigned. Your groups will receive your profile settings when the devices check in with the Intune service.

Use scope tags or applicability rules

When you create or update a profile, you can also add scope tags and applicability rules to the profile.

Scope tags are a great way to filter profiles to specific groups, such as US-IL IT Team or Chicago_ITDepartment. For more information about scope tags, see Use RBAC and scope tags for distributed IT.