The CyberArk Identity Browser Extension

This topic guides system administrators through the procedures for deploying and configuring the CyberArk Identity Browser Extension.

Some web applications require the Browser Extension for single sign-on. Applications that depend on the Browser Extension have the jigsaw puzzle symbol on the Apps page in the CyberArk Identity user portal.

After users install the Browser Extension, the jigsaw symbol disappears.

You can send the link for installing the browser extension directly to users. When users click the link, the installer identifies the user’s default browser and installs the corresponding extension. The link and the browser extension files are available from the Downloads page in the Admin Portal.

You can only update the browser extension; reverting to previous versions is not supported.

The browser extension is not required on mobile devices. The CyberArk Identity mobile app incorporates an internal browser that provides single sign-on. When device users open an application that requires the browser extension, the application automatically opens in the internal browser.

Options for user self installation

Users can install the CyberArk Identity Browser Extension using one of the following options.

  • Click the link in the banner on the Apps page above the application icons.
  • Launch an application that requires the Browser Extension, then click the link in the pop-up that prompts users to install the Browser Extension.

  • Download the browser extension from the relevant web store.

In addition, you can send users a link to install the Browser Extension. The link and the browser extension files are provided in the Downloads page under Browser Extensions.

Enable Land & Catch for your organization

This topic describes how to enable Land & Catch for your organization so users can add apps to their User Portal using the CyberArk Identity Browser Extension's Land & Catch feature. Land & Catch recognizes when users enter credentials and offers to add the site to their User Portal and store the user's credentials. As part of the Workforce Password Management feature, credentials are stored in either CyberArk Identity or in the CyberArk Privileged Access Manager - Self-Hosted self-hosted vault. Where the credentials are stored does not change the user experience. Regardless of where credentials are stored, users can leverage Land & Catch to conveniently add apps to their User Portal while securely storing their credentials.

Encourage your organization to use the CyberArk Identity Password Generator (available starting with the 21.7 Browser Extension) in conjunction with Land & Catch to reduce the threat of security breaches while simplifying the user experience. Refer to Manage credentials with Workforce Password Management for more information.

Once enabled for users, Land & Catch is activated when a user logs in to a service provider's web site. The Browser Extension then asks via pop-up if the user wants to store the login information as an app on their User Portal. If the user agrees, the app appears in their User Portal.

The Land & Catch feature cannot capture apps that use iframes.

Step 1: Disable your browser's password prompts and autofill features.

The Browser Extension might conflict with your browser's features to save passwords and autofill information. CyberArk recommends disabling those browser features to avoid conflicts.

Disable password prompts in Chrome

In order suppress the prompt to save passwords in your Chrome browser, select Disable Browser Password Prompts in the CyberArk Identity Browser Extension. When this option is selected, the Chrome privacy permission, Change your privacy related settings, is enabled in Chrome Extensions. This permission is required in order for the Browser Extension to suppress the prompt to save passwords in Chrome.

  1. Click the Browser Extension icon in your browser.
  2. Click the gear icon (Settings) and select Disable Browser Password Prompts.

  3. If the following message is displayed, click Allow.

Disable or enable autofill in Chrome

https://support.google.com/chrome/answer/142893

Step 2: Enable Land & Catch in the CyberArk Identity Admin Portal

Enable Land & Catch in CyberArk Identity policy settings.

  1. Sign in to the Admin Portal, then click Core Services > Policies.

  2. Select an existing policy set, or create a new one.

    Policy sets are applied to users by applying them to everybody, specified roles, or sets.

    Land & Catch is a new feature in Browser Extension 18.5. If you used policy settings to restrict users from updating the Browser Extension past a specified version, users with versions prior to 18.5 will not benefit from Land & Catch. See Restrict Browser Extension updates for more information.
  3. Select Application Policies > User Settings.

  4. Set Allow users to add personal apps to either -- or Yes.

  5. Set Enable browser extension Land & Catch to Yes, then click Save.

Step 3: Enable users to customize apps added using Land & Catch

  1. Go to Application Policies > User Settings.

  2. Set Allow users to customize personal apps to Yes, then select the fields where you want to allow customizations.

    • Name

    • Description

    • Logo

    • URL

  1. Click Save.

    End users can now update the configured fields for the captured apps.

End users cannot customize the apps added using the Add apps option.

Troubleshoot the Browser Extension

The first thing to do if you have challenges using the Browser Extension is to make sure that you are signed in.

Refer to the following sections for more specific challenges and solutions.

Land & Catch - added applications are not available

Solution: Refresh the app cache

Your system administrator might have changed the applications deployed to you or the tags used to organize them. You can refresh your app cache to update the Browser Extension with the latest information.

  1. Click the Browser Extension icon in your browser.

    The Browser Extension menu opens to the Applications tab.

  2. Click the refresh icon to the left of the applications filter drop-down menu.

Land & Catch - The Browser Extension doesn't offer to add a new app

Solution: Verify that Land & Catch is enabled

Enable Land & Catch for your organization

Solution: Clear the list of skipped sites

If you clicked Never at any of the prompts to add a site to your User Portal but later change your mind, you can clear the list of skipped sites by clicking the Browser Extension icon in your browser, then selecting Clear Skipped Sites... .

You can't sign in

Solution: Change your Portal Hostname

The portal hostname does not typically have to change from its default value; however, if your company uses multiple tenants, your system administrator might request that you change the portal hostname to an appropriate value for your tenant.

  1. Click the Browser Extension icon in your browser, then click the gear icon to go to the Settings tab.
  2. Expand Advanced, then enter the name of your tenant in the Portal Hostname field.

    The portal hostname typically takes the format <tenant>.Idaptive.com. You will see a red X in the field for invalid hostnames, and a green checkmark after entering a valid hostname.

Your system administrator wants the Browser Extension diagnostics log

Solution: Export the diagnostics log

Your system administrator might need you to export the Browser Extension diagnostics log to assist in troubleshooting.

  1. Click the Browser Extension icon in your browser, then click the gear icon to go to the Settings tab.
  2. Expand Advanced, the then click Export Diagnostics Log.

    If requested by your administrator, select Enable diagnostics log. Enabling this setting adds more detail to the diagnostics log. even with this setting disabled, diagnostic logs containing less detail are still available for export.

    The log is downloaded to your browser's default download location. The filename takes the format BElog-YYYYMMDD-HHMMSS.bin.

The Browser Extension doesn't autofill my credentials

If you are signed in to the CyberArk Identity Browser Extension and you already refreshed your app cache, the Browser Extension might conflict with your browser's features to save and autofill sign in credentials and other information.

Solution: Disable browser password prompts and autofill

Disable password prompts in Chrome

In order suppress the prompt to save passwords in your Chrome browser, select Disable Browser Password Prompts in the CyberArk Identity Browser Extension. When this option is selected, the Chrome privacy permission, Change your privacy related settings, is enabled in Chrome Extensions. This permission is required in order for the Browser Extension to suppress the prompt to save passwords in Chrome.

  1. Click the Browser Extension icon in your browser.
  2. Click the gear icon (Settings) and select Disable Browser Password Prompts.

  3. If the following message is displayed, click Allow.

Disable or enable autofill in Chrome

https://support.google.com/chrome/answer/142893