Deploy Browser Extension to Managed Devices
When operating Bitwarden in a business setting, administrators may want to automate deployment of Bitwarden browser extensions to users with an endpoint management platform or group policy.
The process for doing so will be different for each operating system and browser:
Deploying Bitwarden browser extensions to browsers on Windows generally require using Windows Group Policy to target managed computers an ADMX policy template. The procedure is slightly different for each browser:
To deploy the browser extension on Windows and Google Chrome:
Download and unzip the Chrome Enterprise Bundle for Windows.
From the unzipped directory:
Copy
\Configuration\admx\chrome.admx
toC:\Windows\PolicyDefinitions
Copy
\Configuration\admx\en-US\chrome.adml
toC:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Google Chrome → Extensions.
In the right-hand settings area, select Configure the list of force-installed apps and extensions. In the dialog, toggle the Enabled option.
Select the Show... button and add the following:
nngceckbapebfimnlniiiahkandclblb;https://clients2.google.com/service/update2/crx
Click OK.
Still in ...Administrative Templates → Google Chrome, select Password manager from the file tree.
In the right-hand settings area, right-click Enable saving passwords to the password manager and select Edit. In the dialog, toggle the Disabled option and select OK.
Repeat Step 8 for the Enable Autofill for addresses and Enable Autofill for credit cards options, found in settings area for ...Administrative Templates → Google Chrome.
Apply the newly-configured GPO to your desired scope.
To deploy the browser extension on Windows and Firefox:
Download and unzip the Firefox ADMX Template file.
From the unzipped directory:
Copy
\policy_templates_<version>\windows\firefox.admx
toC:\Windows\PolicyDefinitions
Copy
\policy_templates_<version>\windows\en-US\firefox.adml
toC:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Firefox → Extensions.
In the right-hand settings area, select Extensions to Install. In the dialog, toggle the Enabled option.
Select the Show... button and add the following:
https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi
Click OK.
Back in the file tree select Firefox. In the right-hand settings area, Edit... and disable both the Offer to save logins and Offer to save logins (default) options.
Apply the newly-configured GPO to your desired scope.
To deploy the browser extension on Windows and Edge:
Download and unzip the Microsoft Edge Policy Files.
From the unzipped directory:
Copy
\windows\admx\msedge.admx
toC:\Windows\PolicyDefinitions
Copy
\windows\admx\en-US\msedge.adml
toC:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Microsoft Edge → Extensions.
In the right-hand settings area, select Control which extensions are installed silently. In the dialog, toggle the Enabled option.
Select the Show... button and add the following:
jbkfoedolllekgbhcbcoahefnbanhhlh;https://edge.microsoft.com/extensionwebstorebase/v1/crx
Click OK.
Still in ..Administrative Templates → Microsoft Edge, select Password manager and protection from the file tree.
In the right-hand settings area, right-click Enable saving passwords to the password manager and select Edit. In the dialog, toggle the Disabled option and select OK.
Repeat Step 8 for the Enable Autofill for addresses and Enable Autofill for credit cards options, found in settings area for ...Administrative Templates → Microsoft Edge.
Apply the newly-configured GPO to your desired scope.
Deploying Bitwarden browser extensions to browsers on Linux generally involves using a .json
file to set configuration properties. The procedure is slightly different for each browser:
To deploy the browser extension on Linux and Google Chrome:
Download the Google Chrome .deb or .rpm for Linux.
Download the Chrome Enterprise Bundle.
Unzip the Enterprise Bundle (
GoogleChromeEnterpriseBundle64.zip
orGoogleChromeEnterpriseBundle32.zip
) and open the/Configuration
folder.Make a copy of the
master_preferences.json
(in Chrome 91+,initial_preferences.json
) and rename itmanaged_preferences.json
.Add the following to
managed_preferences.json
:{ "policies:" { "ExtensionSettings": { "nngceckbapebfimnlniiiahkandclblb": { "installation_mode": "force_installed", "update_url": "https://clients2.google.com/service/update2/crx" } } } }
In this JSON object,
"nngceckbapebfimnlniiiahkandclblb"
is the application identifier for the Bitwarden browser extension. Similarly,"https://clients2.google.com/service/update2/crx"
signals Chrome to use the Chrome Web Store to retrieve the identified application.note
You may also configure forced installations using the ExtensionInstallForcelist policy, however the ExtensionSettings method will supersede ExtensionInstallForceList.
(Recommended) To disable Chrome's built-in password manager, add the following to
managed_preferences.json
inside of"policies": { }
:{ "PasswordManagerEnabled": false }
Create the following directories if they do not already exist:
mkdir /etc/opt/chrome/policies mkdir /etc/opt/chrome/policies/managed
Move
managed_preferences.json
into/etc/opt/chrome/policies/managed
.As you will need to deploy these files to users' machines, we recommend making sure only admins can write files in the
/managed
directory:chmod -R 755 /etc/opt/chrome/policies
Using your preferred software distribution or MDM tool, deploy the following to users' machines:
Google Chrome Browser
/etc/opt/chrome/policies/managed/managed_preferences.json