Deploying the Windows browser helper

Why is the Windows browser helper useful?

The browser extension needs to know the identity of the user to tell Trelica which business apps they are accessing.

Trelica has various ways to identify this. At the simplest level, the user can login to Trelica, although other approaches are available (e.g. if they're logged in to the web browser with a work account, or by sending the user a link to click to identify them).

Each of these approaches has downsides, particularly if multiple browsers are being used. 

What is the Windows browser helper?

The Windows browser helper is a light-weight (under 200k) executable which uses the Native Messaging browser protocol to communicate with Chrome, Edge and Firefox.

The browser extension tells the browser to load the agent and all communication is through the browser. 

Source code is available to customers upon request.

helper.png

Installing the Browser helper

Go to Admin > Settings > Browser extension

Click to download the Windows browser helper MSI, and you will be shown the msiexec command used to install it:

  • By default msiexec will install for the current user.
  • To deploy to all users on the device append ALLUSERS=1 to the command.
  • To deploy to all users AND to install registry settings to force install the extension for Chrome and Edge then append MSIINSTALLPERUSER="" to the command, e.g.
    msiexec /i TrelicaBrowserHelper.msi ORGID=af278...4242 DOMAIN=app.trelica.com MSIINSTALLPERUSER=""

Deployment at scale

We recommend distributing the helper to all users using an end-point management solution like Microsoft Endpoint Manager (formerly known as Intune). 

You should also distribute the extensions

We recommend deploying the Browser helper before pushing the extension. If you push the extension first then users may be prompted to login to Trelica manually.

Troubleshooting

The helper identifies the logged in user by the equivalent of the whoami /upn command. If the user isn't a domain user, then it fallsback to the equivalent of whoami /user.

If the user isn't logged in using Microsoft Entra ID or Microsoft 365, then the user name may not match a person in Trelica. In this case you may need to map user accounts to Trelica identities. Please contact support@trelica.com for help with this.

The MSI won't deploy correctly

Please run msiexec using the following parameters to log verbose output to a file:

msiexec /l*v %TEMP%\install.log /i TrelicaBrowserHelper.msi DOMAIN=... ORGID=...

Where is the Browser helper installed?

The helper is installed to a TrelicaBrowserHelper folder in the current user's %LocalAppData%/Programs folder.

If you used the ALLUSERS=1 switch then it will be installed to C:\Program Files\TrelicaBrowserHelper

Where is the Organization ID and domain stored?

The installer writes the Organization ID and domain to the registry under:

HKEY_CURRENT_USER\SOFTWARE\Trelica\TrelicaBrowserHelper

The helper checks this location when it runs, and if no value is found then the helper also checks the same path under HKEY_LOCAL_MACHINE.

How does a browser know to run the Browser helper?

On Windows, browsers look for a key called com.trelica.browser_helper in the registry. The parent key depends on the browser:

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\NativeMessagingHosts
HKEY_CURRENT_USER\SOFTWARE\Mozilla\NativeMessagingHosts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\NativeMessagingHosts

The key value contains a path to a JSON manifest file which contains a path attribute which tells the extension where to find the executable.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.