Deploy Browser Extension to Managed Devices
When operating Bitwarden in a business setting, administrators may want to automate deployment of Bitwarden browser extensions to users with an endpoint management platform or group policy.
The process for doing so will be different for each operating system and browser:
Deploying Bitwarden browser extensions to browsers on Windows generally require using Windows Group Policy to target managed computers an ADMX policy template. The procedure is slightly different for each browser:
To deploy the browser extension on Windows and Google Chrome:
Download and unzip the Chrome Enterprise Bundle for Windows.
From the unzipped directory:
Copy
\Configuration\admx\chrome.admxtoC:\Windows\PolicyDefinitionsCopy
\Configuration\admx\en-US\chrome.admltoC:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Google Chrome → Extensions.
In the right-hand settings area, select Configure the list of force-installed apps and extensions. In the dialog, toggle the Enabled option.
Select the Show... button and add the following:
nngceckbapebfimnlniiiahkandclblb;https://clients2.google.com/service/update2/crxClick OK.
Still in ...Administrative Templates → Google Chrome, select Password manager from the file tree.
In the right-hand settings area, right-click Enable saving passwords to the password manager and select Edit. In the dialog, toggle the Disabled option and select OK.
Repeat Step 8 for the Enable Autofill for addresses and Enable Autofill for credit cards options, found in settings area for ...Administrative Templates → Google Chrome.
Apply the newly-configured GPO to your desired scope.
To deploy the browser extension on Windows and Firefox:
Download and unzip the Firefox ADMX Template file.
From the unzipped directory:
Copy
\policy_templates_<version>\windows\firefox.admxtoC:\Windows\PolicyDefinitionsCopy
\policy_templates_<version>\windows\en-US\firefox.admltoC:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Firefox → Extensions.
In the right-hand settings area, select Extensions to Install. In the dialog, toggle the Enabled option.
Select the Show... button and add the following:
https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpiClick OK.
Back in the file tree select Firefox. In the right-hand settings area, Edit... and disable both the Offer to save logins and Offer to save logins (default) options.
Apply the newly-configured GPO to your desired scope.
To deploy the browser extension on Windows and Edge:
Download and unzip the Microsoft Edge Policy Files.
From the unzipped directory:
Copy
\windows\admx\msedge.admxtoC:\Windows\PolicyDefinitionsCopy
\windows\admx\en-US\msedge.admltoC:\Windows\PolicyDefinitions\en-US
Open the Windows Group Policy Manager and create a new GPO for the Bitwarden browser extension installation.
Right-click on the new GPO and select Edit..., and proceed to navigate to Computer Configuration → Policies → Administrative Templates → Microsoft Edge → Extensions.
In the right-hand settings area, select Control which extensions are installed silently. In the dialog, toggle the Enabled option.
Select the Show... button and add the following:
jbkfoedolllekgbhcbcoahefnbanhhlh;https://edge.microsoft.com/extensionwebstorebase/v1/crxClick OK.
Still in ..Administrative Templates → Microsoft Edge, select Password manager and protection from the file tree.
In the right-hand settings area, right-click Enable saving passwords to the password manager and select Edit. In the dialog, toggle the Disabled option and select OK.
Repeat Step 8 for the Enable Autofill for addresses and Enable Autofill for credit cards options, found in settings area for ...Administrative Templates → Microsoft Edge.
Apply the newly-configured GPO to your desired scope.
Deploying Bitwarden browser extensions to browsers on Linux generally involves using a .json file to set configuration properties. The procedure is slightly different for each browser:
To deploy the browser extension on Linux and Google Chrome:
Download the Google Chrome .deb or .rpm for Linux.
Download the Chrome Enterprise Bundle.
Unzip the Enterprise Bundle (
GoogleChromeEnterpriseBundle64.ziporGoogleChromeEnterpriseBundle32.zip) and open the/Configurationfolder.Make a copy of the
master_preferences.json(in Chrome 91+,initial_preferences.json) and rename itmanaged_preferences.json.Add the following to
managed_preferences.json:{ "policies:" { "ExtensionSettings": { "nngceckbapebfimnlniiiahkandclblb": { "installation_mode": "force_installed", "update_url": "https://clients2.google.com/service/update2/crx" } } } }In this JSON object,
"nngceckbapebfimnlniiiahkandclblb"is the application identifier for the Bitwarden browser extension. Similarly,"https://clients2.google.com/service/update2/crx"signals Chrome to use the Chrome Web Store to retrieve the identified application.note
You may also configure forced installations using the ExtensionInstallForcelist policy, however the ExtensionSettings method will supersede ExtensionInstallForceList.
(Recommended) To disable Chrome's built-in password manager, add the following to
managed_preferences.jsoninside of"policies": { }:{ "PasswordManagerEnabled": false }Create the following directories if they do not already exist:
mkdir /etc/opt/chrome/policies mkdir /etc/opt/chrome/policies/managedMove
managed_preferences.jsoninto/etc/opt/chrome/policies/managed.As you will need to deploy these files to users' machines, we recommend making sure only admins can write files in the
/manageddirectory:chmod -R 755 /etc/opt/chrome/policiesUsing your preferred software distribution or MDM tool, deploy the following to users' machines:
Google Chrome Browser
/etc/opt/chrome/policies/managed/managed_preferences.json
tip
For more help, refer to Google's Chrome Browser Quick Start for Linux guide.
To deploy the browser extension on Linux and Firefox:
Download Firefox for Linux.
Create a
distributiondirectory within the Firefox installation directory.In the
distrubitiondirectory, create a filepolicies.json.Add the following to
policies.json:{ "policies": { "ExtensionSettings": { "446900e4-71c2-419f-a6a7-df9c091e268b": { "installation_mode": "force_installed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi" } } } }In this JSON object,
"446900e4-71c2-419f-a6a7-df9c091e268b"is the extension ID for the Bitwarden browser extension. Similarly,"https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"signals Firefox to use the extension store to retrieve the extension.(Recommended) To disable Firefox's built-in password manager, add the following to
policies.jsoninside of"policies": { }:{ "PasswordManagerEnabled": false }Using your preferred software distribution or MDM tool, deploy the following to users' machines:
Firefox Browser
/distribution/policies.json
tip
For more help, refer to Firefox's policies.json Overview or Policies README on Github.
Deploying Bitwarden browser extensions to browsers on macOS generally involves using a property list (.plist) file. The procedure is slightly different for each browser:
To deploy the browser extension on macOS & Google Chrome:
Download the Google Chrome .dmg or .pkg for macOS.
Download the Chrome Enterprise Bundle.
Unzip the Enterprise Bundle (
GoogleChromeEnterpriseBundle64.ziporGoogleChromeEnterpriseBundle32.zip).Open the
/Configuration/com.Google.Chrome.plistfile with any text editor.Add the following to the
.plistfile:<key>ExtensionSettings</key> <dict> <key>nngceckbapebfimnlniiiahkandclblb</key> <dict> <key>installation_mode</key> <string>force_installed</string> <key>update_url</key> <string>https://clients2.google.com/service/update2/crx</string> </dict> </dict>In this codeblock,
nngceckbapebfimnlniiiahkandclblbis the application identifier for the Bitwarden browser extension. Similarly,https://clients2.google.com/service/update2/crxsignals Chrome to use the Chrome Web Store to retrieve the identified application.note
You may also configure forced installations using the ExtensionInstallForcelist policy, however the ExtensionSettings method will supersede ExtensionInstallForceList.
(Recommended) To disable Chrome's built-in password manager, add the following to
com.Google.Chrome.plist:<key>PasswordManagerEnabled</key> <false />Convert the
com.Google.Chrome.plistfile to a configuration profile using a conversion tool like mcxToProfile.Deploy the Chrome
.dmgor.pkgand the configuration profile using your software distribution or MDM tool to all managed computers.
tip
For more help, refer to Google's Chrome Browser Quick Start for Mac guide.
To deploy the browser extension on MacOS and Firefox:
Download and install Firefox for Enterprise for macOS.
Create a
distributiondirectory inFirefox.app/Contents/Resources/.In the created
/distributiondirectory, create a new fileorg.mozilla.firefox.plist.tip
Use the Firefox .plist template and Policy README for reference.
Add the following to
org.mozilla.firefox.plist:<key>ExtensionSettings</key> <dict> <key>446900e4-71c2-419f-a6a7-df9c091e268b</key> <dict> <key>installation_mode</key> <string>force_installed</string> <key>update_url</key> <string>https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi</string> </dict> </dict>In this codeblock,
446900e4-71c2-419f-a6a7-df9c091e268bis the extension ID for the Bitwarden browser extension. Similarly,https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpisignals Firefox to use the extension store to retrieve the application.(Recommended) To disable Firefox's built-in password manager, add the following to
org.mozilla.firefox.plist:<dict> <key>PasswordManagerEnabled</key> <false/> </dict>Convert the
org.mozilla.firefox.plistfile to a configuration profile using a conversion tool like mcxToProfile.Deploy the Firefox
.dmgand the configuration profile using your software distribution or MDM tool to all managed computers.
To deploy the browser extension on macOS and Microsoft Edge:
Download the Microsoft Edge for macOS .pkg file.
In Terminal, use the following command to create a
.plistfile for Microsoft Edge:/usr/bin/defaults write ~/Desktop/com.microsoft.Edge.plist RestoreOnStartup -int 1Use the following command to convert the
.plistfrom binary to plain text:/usr/bin/plutil -convert xml1 ~/Desktop/com.microsoft.Edge.plistOpen
com.microsoft.Edge.plistand add the following:<key>ExtensionSettings</key> <dict> <key>jbkfoedolllekgbhcbcoahefnbanhhlh</key> <dict> <key>installation_mode</key> <string>force_installed</string> <key>update_url</key> <string>https://edge.microsoft.com/extensionwebstorebase/v1/crx</string> </dict> </dict>In this codeblock,
jbkfoedolllekgbhcbcoahefnbanhhlhis the application identifier for the Bitwarden browser extension. Similarly,https://edge.microsoft.com/extensionwebstorebase/v1/crxsignals Edge to use the Edge Add-On Store to retrieve the identified application.note
You may also configure forced installations using the ExtensionInstallForceList, however the ExtensionSettings method will supersede ExtensionInstallForceList.
(Recommended) To disable Edge's built-in password manager, add the following to
com.microsoft.Edge.plist:<key>PasswordManagerEnabled</key> <false/>Convert the
com.microsoft.Edge.plistfile to a configuration profile using a conversion tool like mcxToProfile.Deploy the Edge
.pkgand the configuration profile using your software distribution or MDM tool to all managed computers.
tip
For Jamf-specific help, refer to Microsoft's documentation on Configuring Microsoft Edge policy settings on macOS with Jamf.