# Deploying the Extension

Highflame Browser Security is distributed as a managed browser extension. It is deployed silently to employee devices via your existing browser management infrastructure — employees do not need to install it manually, and it cannot be disabled by users once force-installed.

***

## Before you start

You will need:

* Your **organization ID** and **extension API key** from Highflame Studio → Browser Security → Settings
* Admin access to your browser management console (Chrome Browser Cloud Management, Intune, Jamf, etc.)
* The extension IDs for the browsers you are deploying to:

| Browser                  | Extension ID                                                  |
| ------------------------ | ------------------------------------------------------------- |
| Chrome / Edge (Chromium) | Available in Highflame Studio → Browser Security → Deployment |
| Firefox                  | Available in Highflame Studio → Browser Security → Deployment |
| Safari                   | Distributed via MDM profile — download from Studio            |

***

## Chrome

### Via Chrome Browser Cloud Management (recommended)

1. Sign in to [Google Admin Console](https://admin.google.com) → **Devices** → **Chrome** → **Apps & Extensions**
2. Select the organizational unit to deploy to
3. Click **+** → **Add Chrome app or extension by ID**
4. Enter the Highflame extension ID
5. Set installation policy to **Force install**
6. Under **Policy for extensions**, paste the managed configuration JSON from Highflame Studio:

```json
{
  "organizationId": "your-org-id",
  "apiKey": "your-extension-api-key",
  "mode": "enforce"
}
```

7. Save. The extension deploys to enrolled devices at the next policy sync (typically within 15 minutes).

### Via Group Policy (Windows, on-premise)

1. Download the [Chrome ADMX templates](https://chromeenterprise.google/browser/download/) and import into Group Policy Management
2. Navigate to **Computer Configuration** → **Administrative Templates** → **Google Chrome** → **Extensions**
3. Enable **Configure the list of force-installed apps and extensions**
4. Add the extension using the format: `<extension-id>;https://clients2.google.com/service/update2/crx`
5. Deploy managed JSON configuration via **Configure extension management settings**

***

## Edge

### Via Microsoft Intune

1. Sign in to [Intune Admin Center](https://intune.microsoft.com) → **Devices** → **Configuration profiles**
2. Create a new profile: Platform = **Windows 10 and later**, Profile type = **Settings catalog**
3. Search for **Microsoft Edge** → **Extensions** → **Control which extensions are installed silently**
4. Add the Highflame extension ID
5. Under **Configure extension management settings**, add the managed configuration JSON from Studio
6. Assign the profile to the target device or user group

### Via Group Policy

1. Download the [Edge ADMX templates](https://www.microsoft.com/en-us/edge/business/download) and import
2. Navigate to **Computer Configuration** → **Administrative Templates** → **Microsoft Edge** → **Extensions**
3. Enable **Control which extensions are installed silently** and add the extension ID
4. Configure managed JSON via **Configure extension management settings**

***

## Firefox

### Via Enterprise Policy

Firefox enterprise policy is configured via a `policies.json` file or Group Policy (Windows only).

**policies.json** (macOS, Linux):

Place the following at `/etc/firefox/policies/policies.json` (Linux) or `/Library/Application Support/Mozilla/policies/policies.json` (macOS):

```json
{
  "policies": {
    "Extensions": {
      "Install": [
        "https://addons.mozilla.org/firefox/downloads/file/<highflame-xpi-url>"
      ],
      "Locked": ["highflame-browser-security@highflame.ai"]
    },
    "3rdparty": {
      "Extensions": {
        "highflame-browser-security@highflame.ai": {
          "organizationId": "your-org-id",
          "apiKey": "your-extension-api-key",
          "mode": "enforce"
        }
      }
    }
  }
}
```

**Windows Group Policy**:

1. Download the [Firefox ADMX templates](https://github.com/mozilla/policy-templates/releases)
2. Import into Group Policy Management
3. Navigate to **Computer Configuration** → **Administrative Templates** → **Mozilla** → **Firefox** → **Extensions**
4. Configure the extension install URL and managed policy

***

## Safari

Safari extension deployment requires an MDM profile.

1. In Highflame Studio → Browser Security → Deployment, download the `.mobileconfig` profile for your organization. The profile includes your org ID and API key pre-configured.
2. Upload the profile to your MDM (Jamf, Mosyle, Kandji, or any SCEP-compatible MDM)
3. Scope it to the target device group and deploy

The extension appears in Safari's extension list and cannot be disabled by users when deployed via MDM.

***

## Verifying deployment

Once deployed, devices register with Highflame Studio automatically on first browser launch. You can verify in **Highflame Studio** → **Browser Security** → **Devices**:

* Device appears in the device list
* Status shows **Active**
* Last seen timestamp updates as the device phones home

If a device does not appear within 30 minutes of deployment, check:

* The extension is listed as installed in the browser's extension manager
* The managed configuration JSON contains the correct `organizationId` and `apiKey`
* The device has outbound HTTPS access to `api.highflame.ai`

***

## Updating the extension

Extension updates are delivered automatically through the browser's standard extension update mechanism. No action is required from IT. The extension checks for updates on each browser launch and applies them silently.

To pin to a specific version or delay updates, use the extension management settings in your browser management console.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.highflame.ai/browser-security/deployment.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.