Install Nightfall AI Extension via Google Workspace Admin
If an organization is utilizing Google Workspace to deploy extensions to Chrome, two options are provided to deploy the Nightfall extension and avoid conflicts on the machine.
Nightfall typically deploys the extension through common install methods, such as:
macOS: macOS Profile
Windows: MSI and registry key entries
However, some administrators utilize Google Workspace for extension deployment to Chrome. Here are two methods to deploy the Nightfall extension successfully using Google Workspace:
Policy Precedence (Preferred)
IMPORTANT: Nightfall does not know your environment. Each organization has to decide for themselves what method of deployment to utilize in their own environment.
Option 1: Policy Precedence (Preferred)
Within Google Workspace, set the Policy Precedence as Machine Cloud.
This is the preferred method of installing Nightfall, due to the control of the app deployment being handled and secured by Google Workspace cloud as opposed to the individual machine.
This option will include the following changes:
Changing Policy Precedence to Machine Cloud.
Adding the Nightfall DLP for Browsers app to Google Workspace.
Adjusting the Nightfall extension to Force Install.
Enabling the extension when in Incognito mode.
NOTE: If the Policy Precedence is NOT changed to Machine Cloud, and Google Workspace is being utilized for extension deployment, Nightfall's profile that is deployed via MDM will override any conflicts that occur with Google Workspace. This is why it is being recommended to change Policy Precedence to Machine Cloud and control extension deployment via Google Workspace.
Only proceed if this is appropriate for your environment.
From within the Google Workspace Admin console, adjust the Policy Precedence.
Click on Chrome Browser > Settings > Select the OU
Navigate down to Setting sources
Confirm Policy precedence is set to Machine Cloud first.
If yes, leave it as-is.
If not, adjust it to Machine Cloud.
Click into the Policy precedence setting.
Click on the "Configuration" flow under Inheritance. It may look like this:
Select Machine Cloud as the primary configuration.
Click Save
From within the Google Workspace Admin console, add the Nightfall DLP extension to Force Install so it automatically deploys.
Navigate to Devices > Chrome > Apps & Extensions
Select the appropriate OU.
Identify the Nightfall DLP for Browsers app
If the Nightfall DLP for Browsers app is not present, then install it from the Chrome Web Store.
Click the yellow circle with the + symbol at the bottom right.
Select "Chrome Web Store"
Name: Nightfall DLP for Browsers
ID: jgmgecncmjklkabkejnjfgfkglapfgek
Once the Nightfall DLP for Browsers app is visible, select it.
Change Allow install to Force install
Toggle on Extension is mandatory for Incognito
Click Save
Option 2: Policy MergeList
Within Google Workspace, set the Policy MergeList to merge policies from both sources - Cloud and Machine.
This is a last resort method to use if you do not want to adjust the Policy Precedence, and instead accept policies from both Google Workspace and direct from the machine (e.g., MDM Profile).
IMPORTANT: This takes control away from Google Workspace and allows both Cloud and Machine policies of equal importance to coexist. It is recommended to use Option 1, instead of Option 2, in most scenarios.
From within the Google Workspace Admin console, navigate to Devices > Chrome > Settings.
Under Setting sources, select Policy mergelist
Select the specific Organizational Unit for your deployment scope.
Under Configuration, specify individually the two policies,
ExtensionInstallForceListandExtensionSettings(one per line).Confirm the policy is applied in: chrome://policy
Check that the Source shows as Merged for the policies you want merged.
Last updated
Was this helpful?