Installing the Google Chrome Extension (macOS) using MDM

How to enable the Google Chrome extension with CultureAI

• Our Chrome extension allows you to track and monitor your employees security behaviour while using Chrome.
• Our browser extension looks for corporate email login attempts using emails and passwords to understand what software applications your people are using, and can then utilise the security notification tools to course correct any potentially risky behaviours real time via email/slack/teams/meta workplace.

In this guide we'll go over how to install the extension directly from your CultureAI dashboard on macOS devices via MDM tools such as Intune, Jamf or Kandji.

Good to know

• The extension only tracks corporate emails. It would track joebloggs@companyname.com, but, it would not track joebloggs@hotmail.com
• If you're not using Chrome Profiles, you will need to enable Smart Assumptions (click here to navigate to this setting) This will allow CultureAI to track logins even if you're not logged into browser profiles

Permissions & Requirements

To setup the extension you will need the following permissions:

1. Platform user or above access (e.g. access to login to https://platform.culture.ai)
2. Administrative access or equivalent in your chosen deployment solution or MDM (e.g. Google Workplace / Intune / Active Directory / Jamf) where you are rolling out the extension automatically to end-users.

Deploy via managed Chrome Profiles

1. Log in to the CultureAI admin dashboard

2. Click on the cog symbol along the top bar of your dashboard

   

3. Scroll through and locate the 'Chrome' integration

4. Click on the 'Enable' buttonA new window should pop up

5. This will bring up the setup wizard and guide you though the remaining steps, including the deployment URLs required.

   

6. Follow the steps that appear on the wizard

7. Once complete, click the 'Confirm Extension Install' button

   

8. You're done!

Deploying via macOS Custom Profile (.mobileconfig)

The custom profile created during this step can be deployed via multiple MDM solutions such as Intune, Jamf or Kandji.

Enabling the extension

1. Log in to the CultureAI admin dashboard

2. Click on the cog symbol along the top bar of your dashboard

   

3. Scroll through and locate the 'Chrome' integration

4. Click on the 'Enable' button. A new window will pop up

5. Copy the Extension ID & the URL, save this somewhere as you will need it later

6. Click 'Confirm Extension install'

Option 1: Deploy only the CAI Extension

This option is to be used if you don’t currently deploy any other chrome extensions via your MDM. Below is the contents of our .mobileconfig profile which will install the CAI Chrome extension, it will:

• Install the CultureAI Chrome Security Extension using our Update URL
• Add the extension to the forced install list
• Override the update URL to the update URL we provide.

Copy the below → open a text editor such as notepad or VS Code → Paste it in and save as ProfileName.mobileconfig e.g. CAIExtension.mobileconfig

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "<http://www.apple.com/DTDs/PropertyList-1.0.dtd>">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>ExtensionInstallForcelist</key>
			<array>
				<string>ogkdhibldgmpgajkhddgpbophcjilljg;<https://platform.culture.ai/api/v5/chromium/extension/90e6ef20-2197-4a32-8bc9-6a38d8ab9739?signature=ae08c1715cc203fb5e6ff1dce37597c745fa3db96428c81af5d8cc32e1cfa5ac></string>
			</array>
			<key>ExtensionSettings</key>
			<dict>
				<key>ogkdhibldgmpgajkhddgpbophcjilljg</key>
				<dict>
					<key>allowed_types</key>
					<array/>
					<key>blocked_install_message</key>
					<string></string>
					<key>blocked_permissions</key>
					<array/>
					<key>install_sources</key>
					<array/>
					<key>installation_mode</key>
					<string>force_installed</string>
					<key>minimum_version_required</key>
					<string></string>
					<key>override_update_url</key>
					<true/>
					<key>runtime_allowed_hosts</key>
					<array/>
					<key>runtime_blocked_hosts</key>
					<array/>
					<key>update_url</key>
					<string><https://platform.culture.ai/api/v5/chromium/extension/90e6ef20-2197-4a32-8bc9-6a38d8ab9739?signature=ae08c1715cc203fb5e6ff1dce37597c745fa3db96428c81af5d8cc32e1cfa5ac></string>
				</dict>
			</dict>
			<key>PayloadDescription</key>
			<string>Configures Google Chrome settings</string>
			<key>PayloadDisplayName</key>
			<string>Google Chrome</string>
			<key>PayloadIdentifier</key>
			<string>com.github.erikberglund.ProfileCreator.3323F1B4-8F47-4503-929C-FDDA6552C7EB.com.google.Chrome.F29933A3-AF74-4C16-A555-33AE70A340F9</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.google.Chrome</string>
			<key>PayloadUUID</key>
			<string>F29933A3-AF74-4C16-A555-33AE70A340F9</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>CultureAIChromeSecurityExtension</string>
	<key>PayloadDisplayName</key>
	<string>CultureAIChromeSecurityExtension</string>
	<key>PayloadIdentifier</key>
	<string>com.github.erikberglund.ProfileCreator.3323F1B4-8F47-4503-929C-FDDA6552C7EB</string>
	<key>PayloadOrganization</key>
	<string>ProfileCreator</string>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>3323F1B4-8F47-4503-929C-FDDA6552C7EB</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

Option 2: Add the CAI Extension to an existing extensions configuration

It may be the case that you already install other Chrome extensions on your macOS devices via a .mobileconfig profile. In this case you can add the CultureAI extension to your existing deployment.

It’s likely you already utilise the ExtensionInstallForceList keys, you’ll just need to add the CAI Extension ID and URL, separated by a semi-colon like below:

<key>ExtensionInstallForcelist</key>
			<array>
				<string>ogkdhibldgmpgajkhddgpbophcjilljg;<https://platform.culture.ai/api/v5/chromium/extension/90e6ef20-2197-4a32-8bc9-6a38d8ab9739?signature=ae08c1715cc203fb5e6ff1dce37597c745fa3db96428c81af5d8cc32e1cfa5ac></string>
			</array>

You may not already use the ExtensionSettings Schema to configure your Chrome extensions, if not you’ll need to add the below to your mobile config:

<key>ExtensionSettings</key>
			<dict>
				<key>ogkdhibldgmpgajkhddgpbophcjilljg</key>
				<dict>
					<key>installation_mode</key>
					<string>force_installed</string>
					<key>override_update_url</key>
					<true/>
					<key>update_url</key>
					<string><https://platform.culture.ai/api/v5/chromium/extension/90e6ef20-2197-4a32-8bc9-6a38d8ab9739?signature=ae08c1715cc203fb5e6ff1dce37597c745fa3db96428c81af5d8cc32e1cfa5ac></string>
				</dict>
			</dict>

How to deploy the .mobileconfig via Intune

1. Go to intune.microsoft.com

2. Navigate to Devices → macOS → Configuration Profiles

3. Click Create → New Policy

   

4. Select Templates → Custom

   

5. Name your Deployment, e.g. (Deploy CultureAI Chrome Extension macOS) and click Next

   

6. Give your profile a name and upload the .mobileconfig

7. Click Next → Assign the Profile to your target endpoints/users and Create the Profile.

   

   Once the configuration has been successfully applied on a machine via Intune, the extension will then appear within the user’s chrome browser.