Install the Axiad Conductor Browser Extension Component

1. Open Chrome.

2. Navigate to the Chrome web store.

3. In the search bar, enter Axiad Conductor Browser Extension.

4. Click Axiad Conductor Browser Extension.

   

5. Click Add to Chrome.
   A pop-up message displays.

6. Click Add extension.
   The Axiad Conductor Browser Extension installs and displays on your Chrome extension page.

7. Browse and sign in to your Axiad Conductor site.
   The MyIdentities page displays by default.

8. Validate the extension:

   1. On the MyIdentities page, click Add Identity Device.
      An error message displays, informing you that the WebPCSC extension is not yet enabled.

   2. To the right of your address bar, click the Axiad Conductor Browser Extension icon.
      A pop up displays, asking for access to your smart cards.

   3. Click Always.
      The pop-up closes.

   4. Refresh the page.
      The Axiad Conductor Browser Extension validates.

1. Open Microsoft Edge.

2. Click the Extensions icon, to the right of your browser address bar.

3. Select Open Microsoft Edge Add-ons.

4. In the search bar, enter Axiad Conductor Browser Extension.

5. Click Get.
   A pop-up message displays.

6. Click Add extension.
   The Axiad Conductor Browser Extension installs and displays to the right of your browser address bar.

7. At the top right of your Edge browser, click the Extensions icon.

8. To the right of the Axiad Conductor Browser Extension, click ... > Manage Extension.
   

   

   The Extensions page displays.

9. Enable Allow inPrivate.
   

   

10. Sign into your Axiad Conductor site.
    The MyIdentities page displays by default.

11. Validate the extension:

    1. On the MyIdentities page, click Add Identity Device.
       An error message displays, informing you that the Axiad Conductor OS Bridge extension is not yet enabled.

    2. To the right of your address bar, click the Axiad Conductor Browser Extension icon.
       A pop up displays, asking for access to your smart cards.

    3. Click Always.
       The pop-up closes.

    4. Refresh the page.
       The Axiad Conductor Browser Extension validates.

1. Install and enable the Google Chrome policy template and Axiad Conductor OS Bridge value.

   1. Download the Google Chrome policy template from https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip and unpack the downloaded zip file.

   2. Copy the entire contents of the Windows\admx folder to your central store for Group Policy Administrative Template files.
      (The default location for this is \<domain.fqdn>\SYSVOL\<domain.fqdn>\policies\PolicyDefinitions.)

   3. Open the Group Policy Management Console (gpmc.msc).

   4. Either create a new Group Policy Object or open an existing one you want to edit.

   5. Navigate to either Computer Configuration or User Configuration.

   6. Browse to Policies > Administrative Templates: Policy definitions > Google Chrome > Extensions.

   7. Open the Configure the list of force-installed apps and extensions setting.
      The setting dialog box displays.

   8. Click Enabled.

   9. In the Options section, click Show.
      The Show Contents window displays.

   10. Copy the following value for Axiad Conductor Browser Extension and paste it in the Show Contents window:
       pbabkmdefcmabmlmnkmnlcijhcgmmdnc;https://clients2.google.com/service/update2/crx

   11. Click OK.

   12. Click Apply.

   13. Click OK.

2. Add new registry keys for domains you want to safelist.

   1. On your machine, navigate to either Computer Configuration or User Configuration folder.

   2. Browse to the Preferences > Windows Settings > Registry folder.

   3. Right-click the Registry folder and select New > Registry Item.
      The New Registry Properties dialog box displays.

   4. On the General tab, create the following keys for each domain you want to safelist:

      • Hive: HKEY_LOCAL_MACHINE

      • Key path: SOFTWARE\Policies\Google\chrome\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy

      • Value name: noedit

      • Value type: REG_DWORD

      • Value data: 1
        ------------------------

      • Hive: HKEY_LOCAL_MACHINE Key path: SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy\whitelist

      • Value name: 1

      • Value type: REG_SZ

      • Value data: Provide the domain name here (ex: ucms.domaintest.com)

   5. Open a command prompt.

   6. Run gpupdate /force on the Domain Controller at the command prompt.
      If your changes do not reflect immediately, you may need to wait for the next default time interval.

   7. On the client machine (domain):

      1. Open a command prompt.

      2. Run gpupdate /force on the Domain Controller at the command prompt.

      3. Open Chrome.

      4. Click Extensions > More Tools to confirm that Axiad Conductor Browser Extension is in the Chrome extension list.

      5. Navigate to the HKLM > Software > Policies > Google > Chrome > 3rdparty > extensions > pbabkmdefcmabmlmnkmnlcijhcgmmdnc > policy > whitelist folder to verify the registry keys you created in step 2d display.

3. Validate the Axiad Conductor Browser Extension in the Axiad Conductor.

   1. Log into your Axiad Unified Portal.

   2. To the right of your address bar, click the Axiad Conductor Browser Extension icon.
      A pop up displays, asking for access to your smart cards.

   3. Click Always.
      The pop-up closes.

   4. Refresh the page.
      The Axiad Conductor Browser Extension is now validated.

As an alternative to GPO deployments, you can deploy Axiad Portal registry settings via an automated rollout using a third-party IT management solution.

On the remote machine, execute the default registry file below to install and safelist the correct domains:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="pbabkmdefcmabmlmnkmnlcijhcgmmdnc;https://clients2.google.com/service/update2/crx"
; WebPCSC Bridge Config (Google Chrome)

[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy]
; Controls whether or not the user may influence the whitelist.
; If true (1), limit the user to only hosts whitelisted ahead of time.
; If false (0), let the user approve or deny access to any host not whitelisted ahead of time.
"noedit"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\3rdparty\extensions\pbabkmdefcmabmlmnkmnlcijhcgmmdnc\policy\whitelist]

; Provides a preseeded whitelist of hosts that the WebPCSC Bridge will trust automatically.
; Create values of type REG_SZ numbering from 1 to N for as many entries as you desire.
"1"="portal-<UATstack>.demo.axiadids.net"
"2"="portal-<stack>.cloud.axiadids.net"

1. Using the Group Policy Management Console (gpmc.msc) on one of your domain controllers, open a new or existing GPO, go to Preferences > Registry, then right-click on Registry, select New > Registry Item:

2. For each domain you want to whitelist, create a new entry with the following settings:

   • Action: Create

   • Hive: HKEY_LOCAL_MACHINE

   • Key path: SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\jjilfdljambeacgjgnkhjhpiijgjddjl\policy\whitelist

   • Value name: 1 (increment with each new entry)

   • Value data: <ucms.corp.acme.com>

3. (optional) to prevent users from whitelisting additional domains:

   • Action: Create

   • Hive: HKEY_LOCAL_MACHINE

   • Key path: SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\jjilfdljambeacgjgnkhjhpiijgjddjl\policy

   • Value name: noedit

   • Value data: 1

4. Test/confirm your policy on a machine targeted by this group policy:

   1. Run gpupdate /force

   2. Open regedit.exe and verify the settings under HKLM\SOFTWARE\Policies

   3. Log into your portal and verify that the Axiad Conductor Browser Extension icon on the top-right turns green when a supported identity device is inserted

Force Installation

To force the installation, you can add the following:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist]

"1"="jjilfdljambeacgjgnkhjhpiijgjddjl"