The CyberArk Identity Browser Extension
This topic is for administrators who deploy and configure the CyberArk Identity Browser Extension.
Some web applications require the Browser Extension for single sign-on. These applications display the jigsaw puzzle symbol on the Apps page in CyberArk Identity User Portal. After users install the Browser Extension, the jigsaw symbol disappears.
To troubleshoot common issues related to the Browser Extension, see Troubleshoot issues related to the CyberArk Identity Browser Extension.
For details on the jigsaw puzzle symbol and other symbols used in the User Portal, see Sign in to web apps.
The following example shows what you might see in the new UI.
You can send the link for installing the Browser Extension directly to users. When users click the link, the installer identifies the user’s default browser and installs the corresponding extension. The link and the Browser Extension files are available from the Downloads page in the Identity Administration portal.
The browser extension is not required on mobile devices. The CyberArk Identity mobile app incorporates an internal browser that provides single sign-on. When device users open an application that requires the browser extension, the application automatically opens in the internal browser.
Users can install the CyberArk Identity Browser Extension using one of the following options.
- Click the link in the banner on the Apps page above the application icons.
Launch an application that requires the Browser Extension, then click the link in the pop-up that prompts users to install the Browser Extension.
Download the browser extension from the relevant web store.
In addition, you can send users a link to install the Browser Extension. The link and the browser extension files are provided in the Downloads page under Browser Extensions.
Deploy the Browser Extension with Active Directory group policies
You can mass deploy the Browser Extension with Active Directory group policies. See the following links for instructions.
For Chrome browsers, see Mass deploy the CyberArk Browser Extension for Chrome
For Firefox browsers, see Mass deploy the CyberArk Browser Extension for Firefox.
For Microsoft Edge browsers, see Mass deploy the CyberArk Browser Extension for Microsoft Edge.
We provide the following ways to obtain the username or password of a saved application without opening the User Portal:
Copy from the Browser Extension context menu on the application sign-in page or change password page.
Copy from a menu in the Browser Extension.
For instructions, see Copy credentials.
After a user copies a username or password from the User Portal, Browser Extension, or Browser Extension context menu, CyberArk Identity clears the information from the clipboard after n seconds have passed. You can configure the number of seconds. The default is 120 seconds.
This feature does not clear all information stored in the clipboard history. It only clears the most recently saved username and password. We recommend that you disable clipboard history to reduce your organization's vulnerability to attack.
In the Identity Administration portal, click Policies, then double-click a policy to open it.
Click Application Policies > User Settings.
In the Clear clipboard after the configured time (in seconds) field, specify how many seconds you want to wait before the clipboard is cleared.
This topic describes how to enable Land & Catch for your organization so users can add apps to their User Portal using the CyberArk Identity Browser Extension's Land & Catch feature. Land & Catch recognizes when users enter credentials and offers to add the site to their User Portal and store the user's credentials. As part of the Workforce Password Management feature, credentials are stored in either CyberArk Identity or in the CyberArk Privileged Access Manager - Self-Hosted self-hosted vault. Where the credentials are stored does not change the user experience. Regardless of where credentials are stored, users can leverage Land & Catch to conveniently add apps to their User Portal while securely storing their credentials.
Once enabled for users, Land & Catch is activated when a user logs in to a service provider's web site. The Browser Extension then asks via pop-up if the user wants to store the login information as an app on their User Portal. If the user agrees, the app appears in their User Portal.
Step 1: Disable your browser's password prompts and autofill features.
The Browser Extension might conflict with your browser's features to save passwords and autofill information. CyberArk recommends disabling those browser features to avoid conflicts.
Disable password prompts in Chrome
In order suppress the prompt to save passwords in your Chrome browser, select Disable Browser Password Prompts in the CyberArk Identity Browser Extension. When this option is selected, the Chrome privacy permission, Change your privacy related settings, is enabled in Chrome Extensions. This permission is required in order for the Browser Extension to suppress the prompt to save passwords in Chrome.
- Click the Browser Extension button in your browser.
Click the gear button (Settings) and select Disable Browser Password Prompts.
If you are prompted to grant additional permissions to CyberArk Identity Browser Extension, click Allow.
Disable or enable autofill in Chrome
Disable or enable autofill in Firefox
Disable or enable autofill in Edge
Step 2: Enable Land & Catch in the Identity Administration portal
Sign in to the Identity Administration portal, then click Core Services > Policies.
Select an existing policy set, or create a new one.
Policy sets are applied to users by applying them to everybody, specified roles, or sets.
Select Application Policies > User Settings.
Set Allow users to add personal apps to either -- or Yes.
Set Enable browser extension Land & Catch to Yes, then click Save.
Go to Application Policies > User Settings.
Set Allow users to customize personal apps to Yes, then select the fields where you want to allow customizations.
- Set Enable Browser Extension Land & Catch to Yes.
End users can now update the configured fields for the captured apps.