Mass deploy the CyberArk Browser Extension for Firefox

This topic describes how to use Active Directory Group Policy Management with Firefox policy templates to deploy the CyberArk Browser Extension to all PCs in your organization.

This document is a general guide. Details may vary for each deployment.

Step 1: Add Firefox policy templates

  1. Open your browser, go to the following URL, and download the zip file policy_templates_vx.x.zip, where x.x is the version number. 

    https://github.com/mozilla/policy-templates/releases

  1. Extract the Firefox policy template file to a temporary location. For eample: C:\temp. Then copy the files to your domain controller.

Step 2: Add Firefox .admx and .adml files to group policy

  1. On your domain controller, go to the directory where you copied the Firefox policy template file. Copy the firefox.admx file located within the \policy_templates_v.(<version>)\windows directory to C:\Windows\PolicyDefinitions.

  2. On your domain controller, go to the directory where you extracted the Firefox policy template file and copy the firefox.adml file located within the \policy_templates_v.(<version>)\windows\en-US directory to C:\Windows\PolicyDefinitions\en-US.

If you want a language other than en-US, go to the directory for that language. For example, es-ES.

Step 3: Create or configure the Firefox policy

  1. On your domain controller, open Group Policy Manager and expand the domain Group Policy Objects. If you do not have a group policy to use for Firefox policies, right-click Group Policy Objects and create a new policy. Give the policy a relevant name, such as Firefox Policy.

  2. Right-click the new policy and select Edit.

  3. Open Firefox Policy > Computer Configuration > Policies > Administrative Templates > Firefox > Extensions. Right-click and edit Extensions to Install.

  4. Select Enabled and click Show.

  5. Add the following text and click OK.

    https://addons.mozilla.org/en-US/firefox/addon/cyberark-identity-browser/

  1. Click Apply, then OK.

  2. Right-click and edit Prevent extensions from being disabled or removed.

  1. Click Enabled, then Show.

  2. In the Value field, add the following text and click OK.

https://addons.mozilla.org/firefox/downloads/file/4013230/cyberark_identity_browser-22.10.4.xpi

  1. Click Apply, then click OK.

  1. Disable the Firefox Built-In Password Manager by navigating within Firefox Administrative Templates Policy definitions, then right-clicking and editing Offer to save logins and Offer to save logins (default). Set each one Disabled, Click Apply, then OK.

  1. Exit the Group Policy Management Editor, right-click the organizational unit (OU) of your choice, and select Link an Existing GPO.

  2. Select the Firefox Policy and click OK.

    If you have more than one OU that you want link this new group policy to, repeat steps 11 - 13.

For any PC with Firefox installed within that OU, the Firefox policy automatically installs the Browser Extension and disables Firefox's less secure, built-in password manager and AutoFill capabilities.

Step 4: Check your Firefox policies

On a target client device, open Firefox and go to about:policies to see all applied policies. If you applied policy settings on the local computer, policies should appear immediately.

You might need to run gpupdate /force in an elevated command prompt to apply this new group policy to the PCs.

You might need to close and reopen Firefox before the new policies appear.