The CyberArk Identity Browser Extension

This topic is for administrators who deploy and configure the CyberArk Identity Browser Extension.

Some web applications require the Browser Extension for single sign-on. These applications display the jigsaw puzzle symbol on the Apps page in CyberArk Identity User Portal. After users install the Browser Extension, the jigsaw symbol disappears.

To troubleshoot common issues related to the Browser Extension, see Troubleshoot issues related to the CyberArk Identity Browser Extension.

For details on the jigsaw puzzle symbol and other symbols used in the User Portal, see Sign in to web apps.

The following example shows what you might see in the new UI.

You can send the link for installing the Browser Extension directly to users. When users click the link, the installer identifies the user’s default browser and installs the corresponding extension. The link and the Browser Extension files are available from the Downloads page in the Identity Administration portal.

You can only update the browser extension; reverting to previous versions is not supported.

The browser extension is not required on mobile devices. The CyberArk Identity mobile app incorporates an internal browser that provides single sign-on. When device users open an application that requires the browser extension, the application automatically opens in the internal browser.

Options for user self installation

Users can install the CyberArk Identity Browser Extension using one of the following options.

  • Click the link in the banner on the Apps page above the application icons.
  • Launch an application that requires the Browser Extension, then click the link in the pop-up that prompts users to install the Browser Extension.

  • Download the browser extension from the relevant web store.

In addition, you can send users a link to install the Browser Extension. The link and the browser extension files are provided in the Downloads page under Browser Extensions.

Deploy the Browser Extension with Active Directory group policies

You can mass deploy the Browser Extension with Active Directory group policies. See the following links for instructions.

Copy credentials

We provide the following ways to obtain the username or password of a saved application without opening the User Portal:

  • Copy from the Browser Extension context menu on the application sign-in page or change password page.

  • Copy from a menu in the Browser Extension.

For instructions, see Copy credentials.

Configure time to clear the clipboard

After a user copies a username or password from the User Portal, Browser Extension, or Browser Extension context menu, CyberArk Identity clears the information from the clipboard after n seconds have passed. You can configure the number of seconds. The default is 120 seconds.

This feature does not clear all information stored in the clipboard history. It only clears the most recently saved username and password. We recommend that you disable clipboard history to reduce your organization's vulnerability to attack.

To configure the clear clipboard time:
  1. In the Identity Administration portal, click Policies, then double-click a policy to open it.

  2. Click Application Policies > User Settings.

  3. In the Clear clipboard after the configured time (in seconds) field, specify how many seconds you want to wait before the clipboard is cleared.

  4. Click Save.

Enable Land & Catch for your organization

This topic describes how to enable Land & Catch for your organization so users can add apps to their User Portal using the CyberArk Identity Browser Extension's Land & Catch feature. Land & Catch recognizes when users enter credentials and offers to add the site to their User Portal and store the user's credentials. As part of the Workforce Password Management feature, credentials are stored in either CyberArk Identity or in the CyberArk Privileged Access Manager - Self-Hosted self-hosted vault. Where the credentials are stored does not change the user experience. Regardless of where credentials are stored, users can leverage Land & Catch to conveniently add apps to their User Portal while securely storing their credentials.

Encourage your organization to use the CyberArk Identity Password Generator (available starting with the 21.7 Browser Extension) in conjunction with Land & Catch to reduce the threat of security breaches while simplifying the user experience. See Manage credentials with Workforce Password Management for more information.

Once enabled for users, Land & Catch is activated when a user logs in to a service provider's web site. The Browser Extension then asks via pop-up if the user wants to store the login information as an app on their User Portal. If the user agrees, the app appears in their User Portal.

The Land & Catch feature cannot capture apps that use iframes.

Step 1: Disable your browser's password prompts and autofill features.

The Browser Extension might conflict with your browser's features to save passwords and autofill information. CyberArk recommends disabling those browser features to avoid conflicts.

Disable password prompts in Chrome

In order suppress the prompt to save passwords in your Chrome browser, select Disable Browser Password Prompts in the CyberArk Identity Browser Extension. When this option is selected, the Chrome privacy permission, Change your privacy related settings, is enabled in Chrome Extensions. This permission is required in order for the Browser Extension to suppress the prompt to save passwords in Chrome.

  1. Click the Browser Extension button in your browser.
  2. Click the gear button (Settings) and select Disable Browser Password Prompts.

  3. If you are prompted to grant additional permissions to CyberArk Identity Browser Extension, click Allow.

Disable or enable autofill in Chrome

Step 2: Enable Land & Catch in the Identity Administration portal

  1. Sign in to the Identity Administration portal, then click Core Services > Policies.

  2. Select an existing policy set, or create a new one.

    Policy sets are applied to users by applying them to everybody, specified roles, or sets.

  3. Select Application Policies > User Settings.

  4. Set Allow users to add personal apps to either -- or Yes.

  5. Set Enable browser extension Land & Catch to Yes, then click Save.

Step 3: Enable users to customize apps added using Land & Catch

  1. Go to Application Policies > User Settings.

  2. Set Allow users to customize personal apps to Yes, then select the fields where you want to allow customizations.

    • Name

    • Description

    • Logo

    • URL

  1. Set Enable Browser Extension Land & Catch to Yes.
  1. Click Save.

    End users can now update the configured fields for the captured apps.

End users cannot customize the apps added using the Add apps option.