Mass deploy the CyberArk Browser Extension for Chrome

This section describes how to use Active Directory Group Policy Management with Google Chrome templates to deploy CyberArk Identity Browser Extension to all PCs in your organization.

This document is a general guide. Details in your deployment may differ.

Step 1: Add Chrome policy templates

  1. Open your browser and go to the following URL:
  2. Download the correct 32- or 64-bit Google Chrome Bundle (.zip), extract it to a folder (for example, C:\temp), then copy the files to your domain controller.

  3. On the domain controller, go to the directory where you copied the files and copy the chrome.admx file as follows:

Copy chrome.admx from this location

To this location









  1. On the domain controller, go to the directory where you copied the files and copy the chrome.adml file as follows:

Copy chrome.adml from this location

To this location









If you want a language other than en-US, go to the correct directory. For example, es-ES.

Step 2: Create or configure your Chrome policy

  1. On your domain controller, open Group Policy Manager and expand the domain Group Policy Objects. If you do not have a group policy to use for Chrome policies, right-click Group Policy Objects and create a new policy. Give the policy a relevant name, such as Chrome Policy.

  2. Right-click the new policy and select Edit.

  3. Expand Chrome Policy > Computer Configuration > Policies > Administrative Templates > Google Chrome > Extensions then right-click and edit Configure the list of force-installed apps and extensions.

    If this policy will apply to users instead of computers, the Chrome policies you will be expanding will be located under User Configuration > Policies > Administrative Templates > Google Chrome.

  4. Select Enabled and click Show.

  5. Add the following text and click OK.

  1. Click Apply, then OK.

  2. Disable Chrome's Built-In Password Manager by going to Google Chrome > Password manager, then right-click and edit Enable saving passwords to the password manager.

  3. Select Disabled, then click Apply and OK.

  1. Following the same process as steps 7-8, go to Google Chrome Administrative Templates Policy definitions. Disable Chrome's AutoFill capabilities by editing both Enable AutoFill for addresses and Enable AutoFill for credit cards and setting them to Disabled.

  2. (Optional) You can disable Developer Tools to further secure against users attempting to unmask a masked password credential. In the Google Chrome Administrative Templates Policy definitions, edit Control where developer tools can be used and set it to Enabled Select Don't allow using the developer tools and click OK.

  3. Exit the Group Policy Management Editor. Right- click the organizational unit (OU) containing your computers or users, and select Link an Existing GPO.

  1. Select the Chrome Policy and click OK.

  2. If you want to link this new group policy to more than one OU, repeat steps 11-12.

    For any PC within that OU, the Chrome policy automatically installs CyberArk Identity Browser Extension, if Chrome is installed on those PCs. the Chrome policy also disables Chrome's less secure, built-in password manager and AutoFill capabilities.

Step 3: Check Your Chrome policies

On a target client device, open Google Chrome and go to chrome://policy to see all applied policies. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by going to chrome://extensions and ensuring your extensions are being installed.

You may need to run gpupdate /force in an elevated command prompt to apply this new group policy to the PCs.

You might need to close and reopen Google Chrome before the new policies appear.