If you're using Google Workspace then the easiest way to deploy the browser extension is using Google's Admin console. This works well if:
- Your users mostly use Chrome.
- You force users to login to Chrome with their work email address.
To check this setting, log in to Google Workspace as an admin and go to Devices > Chrome > Settings > Users & browsers > Sign-in settings > Browser sign-in settings and look for Force users to sign-in to use the browser.
If you're not using Google Workspace or if your users use a range of browsers and you want more complete coverage, then you should consider deploying the Browser helper (Windows and macOS) before deploying the various browser extensions.
This article walks you through a recommended approach for this.
Testing on your own machine
Browser helper
You should deploy the Browser helper first. You can test it locally on your machine by simply downloading and installing from Admin > Settings > Browser extension.
Check that the helper is installed (Windows and macOS) and that the parameters have been set correctly (Windows and macOS).
Browser extension
We recommend creating a new profile if you're using Chrome or Edge and using this for testing the extension.
Profiles can be easily deleted which makes re-testing easier, especially if the extension has logged in, since you can remove the profile which deletes any authentication tokens.
Install the browser extension for your browser and you should see it in the list of extensions.
Click on the Trelica icon and the extension should show:
If this isn't working then run through the General troubleshooting steps below.
In particular verify that your user name format maps correctly to your email address in Trelica (Windows and macOS).
Select a pilot group
Once you're comfortable with how things work, we recommend testing the roll-out with a small group of users who can give you quick feedback. If you run a heterogeneous environment then make sure you include a mix of macOS and Windows devices.
Deploying to the pilot group
Deploying the browser helper
You'll need to deploy the Browser helper using an endpoint management tool. The helper is provided as an MSI for Windows and a macOS installer package (pkg). These are very widely adopted formats and any endpoint management tool should allow you to deploy them.
Note that for Windows you have to pass Organization ID and domain parameters to the MSI, and for MacOS you will need to run the executable in a second step after installation in order to set the correct parameters.
You will have been shown the relevant commands when you downloaded the helper from Trelica.
Test this with some users in your pilot group, checking that the helper is installed (Windows and macOS) and that the parameters have been set correctly (Windows and macOS).
Deploying the extension
Once you're comfortable that the browser helper is working you can roll out the extension.
There are detailed instructions for doing this in Windows and macOS.
Check that users can see the extension and are being logged in correctly.
Rolling out
Providing your pilot goes smoothly, you are now ready to roll out the extension to the rest of your organization.
Although the extension installs silently, users may notice it's presence, so we recommend sending some communication before deployment, so that users understand what the Trelica extension is for.
We suggest emphasizing how IT wants to spend money as efficiently as possible, and understanding what software is being used is critical to this process.
Rolling out for Safari
Extensions in Safari work differently to other browsers.
- The extension is wrapped in a binary executable.
- Extensions can't be force-installed - each user must manually enable the extension.
- Users have to click an additional box to grant the extenson access to all web-pages.
Since the extension is wrapped in a binary you don't need to deploy the Browser helper separately (although you may want to do this for other browsers on the user's machine).
However, because the installation process requires manual steps, you may want to send emails to users with Authentication links to prompt them to install it.
General troubleshooting
Is the helper working?
If the helper is working, then you should see your initials on the bottom-right of the popup. When you click on these then you'll see the email address being used, and an 'info' button to the right.
Hovering over this will confirm that the login is based on login name and you will have the option to override this by actually logging in to Trelica.
If you are asked to log in...
If the browser helper is installed and you are prompted to log in then there is a problem. You should look at the log. Hold down Alt
(Windows) or Option
(macOS) and click the More info link.
There are buttons at the bottom for copying the logs to the clipboard or clearing them.
To clearly identify login issues we recommend:
- Clear the log
- Quit the browser completely (Cmd+Q on macOS, or Alt+F4 on Windows)
- Restart the browser
- Immediately open the logs and look at the output
Checking the extension log when you are logged in successfully
If you ever need to view the log once the extension is installed and working, hold down Alt
(Windows) or Option
(macOS) and click the info icon at the top-right:
Checking the browser extension version
Click the puzzle piece icon and choose Manage Extensions:
Click Details on Trelica:
You can then see the installed version. The extension should be updated by the browser automatically.
Windows troubleshooting
Confirm the username being passed
At a Command prompt, run the whoami /upn
command. If the user isn't a domain user then you will get an error. In this case try whoami /user
.
This user name (after the \
if one is present) is used to identify the user in your Trelica site.
If there is no email address present, then Trelica will append any of the validated domains for which the extension is enabled to match an email address.
So, if whoami /user
returns machine123\john.doe
and if example.org and example.com are verified domains in Trelica, it will match with any Trelica person with the email john.doe@example.org or john.doe@example.com.
Verify that there is a person in Trelica with this email by searching the People list.
If your Windows logins are a different format, contact support@trelica.com to resolve this.
Check the helper is installed
Open File Explorer, and enter in the path %LocalAppData%/Programs
You should see a TrelicaBrowserHelper
folder. If you do not, then check C:\Program Files
(the location where the helper is installed if deployed to the machine, rather than an individual user).
The folder should contain the executable and manifest.chrome
and manifest.firefox
files
.
Check the parameters are set correctly
Use regedit and find either
HKEY_CURRENT_USER\SOFTWARE\Trelica\TrelicaBrowserHelper
or, if you ran msiexec with ALLUSERS=1:
HKEY_LOCAL_MACHINE\SOFTWARE\Trelica\TrelicaBrowserHelper
Verify that the Organization ID and domain are set.
Check that native messaging is configured
The extension asks the browser to load the Browser helper. This should be seamless but you can check this is configured correctly.
On Windows, browsers look for a key called com.trelica.browser_helper.json
in the registry. The parent key depends on the browser:
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts
HKEY_CURRENT_USER\SOFTWARE\Mozilla\NativeMessagingHosts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\NativeMessagingHosts
The same paths under HKEY_LOCAL_MACHINE
are also checked.
The key value contains a path to a JSON manifest file which contains a path attribute which tells the extension where to find the executable.
This should point to a file in the folder where the Browser helper is installed, which you located previously.
Cut and paste this path into File Explorer to verify it points to the correct location.
macOS troubleshooting
Confirm the username being passed
In a Terminal window, run the whoami
command.
If there is no email address present in the user name, then Trelica will append any of the validated domains for which the extension is enabled to match an email address.
So, if whoami
returns john.doe
and if example.org and example.com are verified domains in Trelica, it will match with any Trelica person with the email john.doe@example.org or john.doe@example.com.
Verify that there is a person in Trelica with this email by searching the People list.
If your macOS logins are a different format, contact support@trelica.com to resolve this.
Check the helper is installed
In Finder, choose Go > Go to Folder... (⇧⌘G) and paste in
~/Library/Group Containers/2MXR75AJYH.com.trelica.macgroup/Library/Application Support/Trelica
You should see two files: the TrelicaBrowserHelper
binary and BrowserHelper.plist
Check the parameters are set correctly
Load BrowserHelper.plist
file into a text editor and verify that the Domain and OrgId values match your Trelica domain and Organization ID:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Domain</key>
<string>app.trelica.com</string>
<key>OrgId</key>
<string>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</string>
</dict>
</plist>
Check that native messaging is configured
The extension asks the browser to load the Browser helper. This should be seamless but you can check this is configured correctly.
On macOS, browsers look for a file called com.trelica.browser_helper.json
in a folder specific to the browser.
~/Library/Application Support/Google/Chrome/NativeMessagingHosts
~/Library/Application Support/Mozilla/NativeMessagingHosts
~/Library/Application Support/Microsoft/Edge/NativeMessagingHosts
This JSON file should have a path
attribute which points to the TrelicaBrowserHelper
folder you located previously. Cut and paste this path to Finder to verify it points to the correct location.
Comments
0 comments
Please sign in to leave a comment.