Deploying the Extension

Highflame Browser Security is distributed as a managed browser extension. It is deployed silently to employee devices via your existing browser management infrastructure — employees do not need to install it manually, and it cannot be disabled by users once force-installed.

Before you start

You will need:

Your organization ID and extension API key from Highflame Studio → Browser Security → Settings
Admin access to your browser management console (Chrome Browser Cloud Management, Intune, Jamf, etc.)
The extension IDs for the browsers you are deploying to:

Browser

Extension ID

Chrome / Edge (Chromium)

Available in Highflame Studio → Browser Security → Deployment

Firefox

Available in Highflame Studio → Browser Security → Deployment

Safari

Distributed via MDM profile — download from Studio

Chrome

Via Chrome Browser Cloud Management (recommended)

Sign in to Google Admin Console → Devices → Chrome → Apps & Extensions
Select the organizational unit to deploy to
Click + → Add Chrome app or extension by ID
Enter the Highflame extension ID
Set installation policy to Force install
Under Policy for extensions, paste the managed configuration JSON from Highflame Studio:

{
  "organizationId": "your-org-id",
  "apiKey": "your-extension-api-key",
  "mode": "enforce"
}

Save. The extension deploys to enrolled devices at the next policy sync (typically within 15 minutes).

Via Group Policy (Windows, on-premise)

Download the Chrome ADMX templates and import into Group Policy Management
Navigate to Computer Configuration → Administrative Templates → Google Chrome → Extensions
Enable Configure the list of force-installed apps and extensions
Add the extension using the format: <extension-id>;https://clients2.google.com/service/update2/crx
Deploy managed JSON configuration via Configure extension management settings

Edge

Via Microsoft Intune

Sign in to Intune Admin Center → Devices → Configuration profiles
Create a new profile: Platform = Windows 10 and later, Profile type = Settings catalog
Search for Microsoft Edge → Extensions → Control which extensions are installed silently
Add the Highflame extension ID
Under Configure extension management settings, add the managed configuration JSON from Studio
Assign the profile to the target device or user group

Via Group Policy

Download the Edge ADMX templates and import
Navigate to Computer Configuration → Administrative Templates → Microsoft Edge → Extensions
Enable Control which extensions are installed silently and add the extension ID
Configure managed JSON via Configure extension management settings

Firefox

Via Enterprise Policy

Firefox enterprise policy is configured via a policies.json file or Group Policy (Windows only).

policies.json (macOS, Linux):

Place the following at /etc/firefox/policies/policies.json (Linux) or /Library/Application Support/Mozilla/policies/policies.json (macOS):

{
  "policies": {
    "Extensions": {
      "Install": [
        "https://addons.mozilla.org/firefox/downloads/file/<highflame-xpi-url>"
      ],
      "Locked": ["[email protected]"]
    },
    "3rdparty": {
      "Extensions": {
        "[email protected]": {
          "organizationId": "your-org-id",
          "apiKey": "your-extension-api-key",
          "mode": "enforce"
        }
      }
    }
  }
}

Windows Group Policy:

Download the Firefox ADMX templates
Import into Group Policy Management
Navigate to Computer Configuration → Administrative Templates → Mozilla → Firefox → Extensions
Configure the extension install URL and managed policy

Safari

Safari extension deployment requires an MDM profile.

In Highflame Studio → Browser Security → Deployment, download the .mobileconfig profile for your organization. The profile includes your org ID and API key pre-configured.
Upload the profile to your MDM (Jamf, Mosyle, Kandji, or any SCEP-compatible MDM)
Scope it to the target device group and deploy

The extension appears in Safari's extension list and cannot be disabled by users when deployed via MDM.

Verifying deployment

Once deployed, devices register with Highflame Studio automatically on first browser launch. You can verify in Highflame Studio → Browser Security → Devices:

Device appears in the device list
Status shows Active
Last seen timestamp updates as the device phones home

If a device does not appear within 30 minutes of deployment, check:

The extension is listed as installed in the browser's extension manager
The managed configuration JSON contains the correct organizationId and apiKey
The device has outbound HTTPS access to api.highflame.ai

Updating the extension

Extension updates are delivered automatically through the browser's standard extension update mechanism. No action is required from IT. The extension checks for updates on each browser launch and applies them silently.

To pin to a specific version or delay updates, use the extension management settings in your browser management console.

PreviousOverview NextThreat Coverage

Last updated 1 month ago