Monitoring SaaS usage
      Back to home
      1. Knowledge Base
      2. Monitor human risks
      3. Monitoring SaaS usage

      Enable the Chrome & Edge extension

      This guide covers installing the Chrome & Edge (Chromium) browser extension

      Requirements

      To setup the extension you will need the following permissions:

      1. Platform user or above access (e.g. access to login to https://platform.culture.ai)
      2. Administrative access or equivalent in your chosen deployment solution (e.g. Google Workplace / Intune / Active Directory) where you are rolling out the extension automatically to end-users.

      Installation

      From the navigation menu select "Data Sources and Integrations":

      Select chrome from the data source list:

      Select enable:

      This will bring up the setup wizard and guide you though the remaining steps, including the deployment URLs required.

      The extension can also be rolled out in the later versions of the Microsoft Edge browser which utilize the Chromium engine. This can be via multiple deployment paths including:

      Intune Deployment

      Copy the extension ID and URL from the Chrome setup wizard and click "Confirm Extension Install".

      To deploy the extension to Chrome, install the administrative policies by following the instructions on the following URL:

      https://support.google.com/chrome/a/answer/12578231?hl=en

      Edge policies are already supported by default in Intune.

      Browse to Microsoft Endpoint Manager, devices, configuration profiles:

      https://endpoint.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMenu/~/configurationProfiles

      Click create profile:

      Select target platform, typically "Windows 10 and later" and a profile type of "Settings catalog" and click create.

      Provide a profile name, for example "CultureAI Browser Security Extension" and click next.

      Click "Add settings"

      Select the policy for the browser(s) you want to deploy to:

      • Edge - "Control which extensions are installed silently" under "Microsoft Edge\Extension"
      • Chrome - "Configure the list of force-installed apps and extensions" under "Administrative Templates\Google\Google Chrome\Extensions"

      Select "Enabled" and enter the application id followed by a colon and the URL taken from the wizard for each extension policy enabled and click next.

      Select scopes where you have these configured and click next:

      Assign it to the users/groups in scope and click next:

      Review settings and click "Create":

      Once this has been applied, the extension will be rolled out and appear in Edge and Chrome under extensions:

      Group Policy

      Copy the extension ID and URL from the Chrome setup wizard and click "Confirm Extension Install".

      To deploy the extension to Edge, download the administrative policies from the following URL, extracting the msedge.admx and associated adml into your policies folder:

      https://www.microsoft.com/en-us/edge/business/download?form=MA13FJ

      To deploy the extension to Chrome, download the administrative policies from the following URL, extracting the chrome.admx and chrome.adml into your policies folder:

      https://support.google.com/chrome/a/answer/12578231?hl=en

      Open Group Policy Management and either create a new policy or update an existing policy which covers the hosts you wish to deploy to.

      Select the following policies:

      • Chrome, browse to Computer Configuration > Policies > Administrative Templates > Google Chrome > Extensions and select "Configure the list of force-installed apps and extensions"
      • Edge, browse to Computer Configuration > Policies > Administrative Templates > Microsoft Edge > Extensions and select "Control which extensions are installed silently"

      Click "Enabled" and "Show" and enter the application id followed by a colon and the URL taken from the wizard.

      Click "OK".

      Once this has been applied, the extension will be rolled out and appear in Edge and Chrome under extensions:

      Data Processing

      The Extension tracks the following behaviors:

      • Sharing credentials
      • Re-using passwords
      • Using credentials in SSO enabled software
      • Using unapproved software
      • Using known compromised passwords

      CultureAI does not send the user passwords to its platform, instead relying on a partial hash to allow detection of password re-use. Analytics on the password, for example weak password detection, is performed on the client with just the associated statistics sent.

      Extension Permissions

      The extension uses the following browser permissions:

      • storage
      • activeTab
      • scripting
      • webRequest
      • webNavigation
      • identity
      • identity.email

      Further information on each permission can be found on the following URL:

      https://developer.chrome.com/docs/extensions/mv3/declare_permissions/