JumpCloud now supports Browser Patch Management for Chrome. This feature allows admins to control a number of settings for the Chrome Web Browser. Similar to OS Patch, the JumpCloud Admin is given access to 4 default policies; Zero Day, Early Adoption, General Adoption, and Late Adoption. These policies are device agnostic, meaning they can be applied to devices running any supported OS, and do not need to be configured for specific OS types like OS Patch or other JumpCloud Policies. To access this feature in the JumpCloud admin portal browse to Policy Management > Patch Management > Browser, as seen in screenshot;
There are 3 configuration options available for our default policies; Automatic Update Settings, Sign-in Settings, and Chrome Browser Cloud Management Settings.
The focus of this page is to explore how to control user access to Browser Extensions that are permitted by an organization, JumpCloud Password Manager Chrome Extension for example.
To begin, we need to set up Chrome Browser Management, and generate an Enrollment Token. The Enrollment Token will then be added to your JumpCloud Browser Patch Policies, and will be distributed to any managed devices which are bound to these policies.
- Generate Enrollment Token
- Login to Google Administrative Console with your Google Workspace Global Admin credentials.
- In the Google Admin Console navigate to Menu > Devices > Chrome > Managed Browsers.
- Add an organization unit titled “Chrome Browser Management”.
- At the bottom right of the screen select the + button to generate a new Enrollment Token.
- Copy the Enrollment Token and paste it into the JumpCloud Admin Console for each Browser Patch Policy, and check the boxes for Enroll in Chrome Browser Cloud Management/Enable Chrome Browser Cloud Management Reporting.
- Bind devices to the policy in JumpCloud to distribute the the Enrollment Token. Once enrolled the settings present in the JumpCloud policy will be applied to any bound devices. In addition the devices will become present in the Google Workspace Tenant under Menu > Devices > Chrome > Managed Browsers.
- Configure Browser Extensions in the Google Workspace Tenant
- Navigate to Home > Chrome > Apps & Extensions > Users and Browsers and click Additional Settings.
- Under the settings for allow/block mode click edit. You may choose whatever settings work best for your organization. For this example I chose to select the following configurations;
- Play Store: Block all apps, admins manages allowlist.
- Chrome Web Store: Block all apps, admin manages allowlist, users may request extensions.
- Click Save.
Note: This will allow us to create an allow list of extensions, AND give the user the ability to request a new extension.
- Next, we will add extensions to our allow list and configure settings. Make sure you are in Home > Chrome > Apps & Extensions > Users and Browsers, click the yellow plus sign in the bottom right of the page, and click Add from Chrome Web Store.
- Search for and select the extension you would like to add. In this example, I am adding the JumpCloud Password Manager.
- Finally, we can configure settings for the extensions behavior. For this example I have clicked Force install + pin to browser toolbar.
Testing Your Configuration
To show this off, we can switch over to a device which has been enrolled in the Browser Patch Policy.
- Open a Chrome Browser which the user has logged into (we can force users to login to the browser in the JumpCloud Browser Patch Policy) navigate to Extensions and click Manage Extensions. Here we can see a few things; a dialogue informing the end user that “Your browser is managed by <Organization Name>”, only approved extensions can be enabled, and the JumpCloud Password Manager is enabled by default as well as pinned to the browser toolbar.
- Recall that during our setup we selected the option to allow end users to Request New Browser Extensions. To test this, you can navigate to the Chrome Web Store, search for an extension, and click Request. Below is an example in which we want to request to install the commonly used tool Ublock Origin. Once you click Request the end user will see Request Pending.
- Once requested the extension will show in the Google Admin Console by navigating to Devices > Chrome > Apps & Extensions > Requests. Click on the requested extension and then click Set Installation Policy.
- You will have the option to click Force install + pin to browser toolbar, Force Install, Allow Install, or Block.
Behold the power of a Managed Chrome Browser!
Please note that the above is just one example of how JumpCloud admins can harness the power of JumpCloud's Browser Patch Management and Google Chrome Enterprise Management. If you would like to learn more please reference the articles linked at the top of this post, or reach out to us!