Skip to main content

Overview

Deploy the Velatir browser extension to managed devices with pre-configured settings. This guide covers deployment via Microsoft Intune (Windows), SCCM / Configuration Manager (Windows), and Jamf Pro (macOS).

Extension Details

BrowserExtension IDStore Link
ChromebbiokppljpbjgiogcoggjnfffbeiihjaChrome Web Store
EdgephgnjcoglpdamjjmidheehacjbkgkoocEdge Add-ons
Firefoxvelatir@velatir.comFirefox Add-ons

Managed Configuration

The extension accepts configuration via managed storage policies:
PropertyTypeDescription
apiTokenstringYour Velatir API key
organizationNamestringDisplay name shown in the extension
Additional properties (endpoint, organizationId, enabledServices) are available for advanced configurations. Contact support if you need these.

Microsoft Intune (Windows)

Chrome Extension

Use this method to install the extension and configure the API token and organization name. This approach works reliably for the 3rdparty managed configuration that Settings Catalog does not support.
  1. Go to Devices > Remediations > Create script package
  2. Name it “Velatir Chrome Extension Deployment”
Detection script (Detect-VelatirChrome.ps1): 
$ExtensionId = "bbiokppljpbjgiogcoggjnfffbeiihja"
$ForcelistPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
$PolicyPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ExtensionId\policy"

# Check if extension is in force install list
$ForcelistExists = $false
if (Test-Path $ForcelistPath) {
    $Values = Get-ItemProperty -Path $ForcelistPath -ErrorAction SilentlyContinue
    foreach ($Property in $Values.PSObject.Properties) {
        if ($Property.Value -like "$ExtensionId;*") {
            $ForcelistExists = $true
            break
        }
    }
}

# Check if policy configuration exists
$PolicyExists = (Test-Path $PolicyPath) -and
                (Get-ItemProperty -Path $PolicyPath -Name "apiToken" -ErrorAction SilentlyContinue)

if ($ForcelistExists -and $PolicyExists) {
    Write-Output "Velatir Chrome extension is configured"
    exit 0
} else {
    Write-Output "Velatir Chrome extension needs configuration"
    exit 1
}
Remediation script (Remediate-VelatirChrome.ps1): 
# Configuration - UPDATE THESE VALUES
$ApiToken = "your-api-token-here"
$OrganizationName = "Your Organization"

# Extension details
$ExtensionId = "bbiokppljpbjgiogcoggjnfffbeiihja"
$UpdateUrl = "https://clients2.google.com/service/update2/crx"

# Registry paths
$ForcelistPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
$PolicyPath = "HKLM:\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\$ExtensionId\policy"

# Create ExtensionInstallForcelist
if (-not (Test-Path $ForcelistPath)) {
    New-Item -Path $ForcelistPath -Force | Out-Null
}

# Find next available index
$NextIndex = 1
$ExistingValues = Get-ItemProperty -Path $ForcelistPath -ErrorAction SilentlyContinue
if ($ExistingValues) {
    $Indices = $ExistingValues.PSObject.Properties |
               Where-Object { $_.Name -match '^\d+$' } |
               ForEach-Object { [int]$_.Name }
    if ($Indices) { $NextIndex = ($Indices | Measure-Object -Maximum).Maximum + 1 }

    # Check if already exists
    foreach ($Property in $ExistingValues.PSObject.Properties) {
        if ($Property.Value -like "$ExtensionId;*") {
            $NextIndex = $null
            break
        }
    }
}

if ($NextIndex) {
    Set-ItemProperty -Path $ForcelistPath -Name $NextIndex -Value "$ExtensionId;$UpdateUrl"
}

# Create 3rdparty policy configuration
if (-not (Test-Path $PolicyPath)) {
    New-Item -Path $PolicyPath -Force | Out-Null
}

Set-ItemProperty -Path $PolicyPath -Name "apiToken" -Value $ApiToken -Type String
Set-ItemProperty -Path $PolicyPath -Name "organizationName" -Value $OrganizationName -Type String

Write-Output "Velatir Chrome extension configured successfully"
  1. Configure the script package:
    • Run this script using the logged-on credentials: No
    • Enforce script signature check: No
    • Run script in 64-bit PowerShell: Yes
  2. Assign to your device groups
  3. Set the schedule (e.g., once per day)

Method B: Settings Catalog (Force Install Only)

Use this method if you only need to install the extension without pre-configured settings.
  1. Sign in to the Microsoft Intune admin center
  2. Go to Devices > Configuration > Create > New policy
  3. Select:
    • Platform: Windows 10 and later
    • Profile type: Settings catalog
  4. Name your profile (e.g., “Velatir Chrome Extension”)
  5. Click Add settings and search for Google Chrome
  6. Select Google Chrome > Extensions
  7. Enable Configure the list of force-installed apps and extensions
  8. Add the following value: 
    bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx
  9. Assign to your device groups and create the profile

Edge Extension

Use the same approach as Chrome, with Edge-specific paths. Detection script (Detect-VelatirEdge.ps1): 
$ExtensionId = "phgnjcoglpdamjjmidheehacjbkgkooc"
$ForcelistPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist"
$PolicyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$ExtensionId\policy"

$ForcelistExists = $false
if (Test-Path $ForcelistPath) {
    $Values = Get-ItemProperty -Path $ForcelistPath -ErrorAction SilentlyContinue
    foreach ($Property in $Values.PSObject.Properties) {
        if ($Property.Value -like "$ExtensionId;*") {
            $ForcelistExists = $true
            break
        }
    }
}

$PolicyExists = (Test-Path $PolicyPath) -and
                (Get-ItemProperty -Path $PolicyPath -Name "apiToken" -ErrorAction SilentlyContinue)

if ($ForcelistExists -and $PolicyExists) {
    Write-Output "Velatir Edge extension is configured"
    exit 0
} else {
    Write-Output "Velatir Edge extension needs configuration"
    exit 1
}
Remediation script (Remediate-VelatirEdge.ps1): 
# Configuration - UPDATE THESE VALUES
$ApiToken = "your-api-token-here"
$OrganizationName = "Your Organization"

# Extension details
$ExtensionId = "phgnjcoglpdamjjmidheehacjbkgkooc"
$UpdateUrl = "https://edge.microsoft.com/extensionwebstorebase/v1/crx"

# Registry paths
$ForcelistPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist"
$PolicyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\$ExtensionId\policy"

# Create ExtensionInstallForcelist
if (-not (Test-Path $ForcelistPath)) {
    New-Item -Path $ForcelistPath -Force | Out-Null
}

$NextIndex = 1
$ExistingValues = Get-ItemProperty -Path $ForcelistPath -ErrorAction SilentlyContinue
if ($ExistingValues) {
    $Indices = $ExistingValues.PSObject.Properties |
               Where-Object { $_.Name -match '^\d+$' } |
               ForEach-Object { [int]$_.Name }
    if ($Indices) { $NextIndex = ($Indices | Measure-Object -Maximum).Maximum + 1 }

    foreach ($Property in $ExistingValues.PSObject.Properties) {
        if ($Property.Value -like "$ExtensionId;*") {
            $NextIndex = $null
            break
        }
    }
}

if ($NextIndex) {
    Set-ItemProperty -Path $ForcelistPath -Name $NextIndex -Value "$ExtensionId;$UpdateUrl"
}

# Create 3rdparty policy configuration
if (-not (Test-Path $PolicyPath)) {
    New-Item -Path $PolicyPath -Force | Out-Null
}

Set-ItemProperty -Path $PolicyPath -Name "apiToken" -Value $ApiToken -Type String
Set-ItemProperty -Path $PolicyPath -Name "organizationName" -Value $OrganizationName -Type String

Write-Output "Velatir Edge extension configured successfully"
Why use Remediations instead of Settings Catalog?The Intune Settings Catalog does not support configuring the 3rdparty policy that passes managed configuration to extensions. Using Remediations with registry keys is the reliable method to deploy both the extension installation and its configuration settings.

Method B: Settings Catalog (Force Install Only)

Use this method if you only need to install the extension without pre-configured settings.
  1. Create a new Settings catalog profile
  2. Search for Microsoft Edge > Extensions
  3. Enable Control which extensions are installed silently
  4. Add the following value: 
    phgnjcoglpdamjjmidheehacjbkgkooc;https://edge.microsoft.com/extensionwebstorebase/v1/crx
  5. Assign to your device groups

Firefox Extension

Firefox uses a different policy mechanism than Chrome and Edge. Instead of ExtensionInstallForcelist and registry-based 3rdparty keys, Firefox uses ExtensionSettings and its own 3rdparty.Extensions policy — configured via registry keys under HKLM:\SOFTWARE\Policies\Mozilla\Firefox\. This method installs the extension and configures the API token and organization name.
  1. Go to Devices > Remediations > Create script package
  2. Name it “Velatir Firefox Extension Deployment”
Detection script (Detect-VelatirFirefox.ps1): 
$ExtensionId = "velatir@velatir.com"
$ExtensionSettingsPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox"
$PolicyPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\$ExtensionId"

# Check if ExtensionSettings contains our extension
$ExtSettingsExists = $false
if (Test-Path $ExtensionSettingsPath) {
    $ExtSettings = Get-ItemProperty -Path $ExtensionSettingsPath -Name "ExtensionSettings" -ErrorAction SilentlyContinue
    if ($ExtSettings -and $ExtSettings.ExtensionSettings -like "*$ExtensionId*") {
        $ExtSettingsExists = $true
    }
}

# Check if 3rdparty policy configuration exists
$PolicyExists = (Test-Path $PolicyPath) -and
                (Get-ItemProperty -Path $PolicyPath -Name "apiToken" -ErrorAction SilentlyContinue)

if ($ExtSettingsExists -and $PolicyExists) {
    Write-Output "Velatir Firefox extension is configured"
    exit 0
} else {
    Write-Output "Velatir Firefox extension needs configuration"
    exit 1
}
Remediation script (Remediate-VelatirFirefox.ps1): 
# Configuration - UPDATE THESE VALUES
$ApiToken = "your-api-token-here"
$OrganizationName = "Your Organization"

# Extension details
$ExtensionId = "velatir@velatir.com"
$InstallUrl = "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi"

# Registry paths
$FirefoxPolicyPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox"
$ThirdPartyPath = "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\$ExtensionId"

# Create Firefox policy key if needed
if (-not (Test-Path $FirefoxPolicyPath)) {
    New-Item -Path $FirefoxPolicyPath -Force | Out-Null
}

# Set ExtensionSettings as a JSON string
$ExtensionSettings = @{
    $ExtensionId = @{
        installation_mode = "force_installed"
        install_url = $InstallUrl
    }
} | ConvertTo-Json -Compress

Set-ItemProperty -Path $FirefoxPolicyPath -Name "ExtensionSettings" -Value $ExtensionSettings -Type String

# Create 3rdparty policy configuration
if (-not (Test-Path $ThirdPartyPath)) {
    New-Item -Path $ThirdPartyPath -Force | Out-Null
}

Set-ItemProperty -Path $ThirdPartyPath -Name "apiToken" -Value $ApiToken -Type String
Set-ItemProperty -Path $ThirdPartyPath -Name "organizationName" -Value $OrganizationName -Type String

Write-Output "Velatir Firefox extension configured successfully"
  1. Configure the script package:
    • Run this script using the logged-on credentials: No
    • Enforce script signature check: No
    • Run script in 64-bit PowerShell: Yes
  2. Assign to your device groups
  3. Set the schedule (e.g., once per day)

Method B: policies.json via Remediations

As an alternative, you can deploy a policies.json file to the Firefox installation directory. This approach keeps all configuration in a single JSON file. Remediation script (Remediate-VelatirFirefoxJson.ps1): 
# Configuration - UPDATE THESE VALUES
$ApiToken = "your-api-token-here"
$OrganizationName = "Your Organization"

$PolicyDir = "C:\Program Files\Mozilla Firefox\distribution"
$PolicyFile = "$PolicyDir\policies.json"

# Create distribution directory
if (-not (Test-Path $PolicyDir)) {
    New-Item -Path $PolicyDir -ItemType Directory -Force | Out-Null
}

# Build policy - merge with existing if present
$Policy = @{ policies = @{} }
if (Test-Path $PolicyFile) {
    try {
        $Policy = Get-Content $PolicyFile -Raw | ConvertFrom-Json -AsHashtable
    } catch {
        $Policy = @{ policies = @{} }
    }
}

$Policy.policies.ExtensionSettings = @{
    "velatir@velatir.com" = @{
        installation_mode = "force_installed"
        install_url = "https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi"
    }
}

$Policy.policies."3rdparty" = @{
    Extensions = @{
        "velatir@velatir.com" = @{
            apiToken = $ApiToken
            organizationName = $OrganizationName
        }
    }
}

$Policy | ConvertTo-Json -Depth 10 | Set-Content -Path $PolicyFile -Encoding UTF8

Write-Output "Velatir Firefox policies.json configured successfully"
Firefox updates may remove the distribution folder. If using this method, schedule the remediation to run regularly (e.g., once per day) to ensure the file is recreated after updates.

SCCM / Configuration Manager (Windows)

If your organization uses Microsoft SCCM (ConfigMgr) instead of Intune, you can deploy the Velatir browser extension using the pre-built MSI installer that Velatir provides. No need to build anything — just pass your API token and organization name as properties at install time. Contact hello@velatir.com to request the MSI installer file.

MSI Properties

PropertyRequiredDescription
API_TOKENYesYour Velatir API token (e.g., vltr_...)
ORGANIZATION_NAMEYesYour organization’s display name shown in the extension
ADDLOCALNoComma-separated list of browsers. Defaults to all. Options: Chrome, Edge, Firefox

Step 1: Create an Application

  1. Open the Configuration Manager Console
  2. Navigate to Software Library > Application Management > Applications
  3. Click Create Application > Manually specify the application information
  4. Add a Deployment Type and select Script Installer
  5. Set the content location to the network share containing VelatirExtension.msi

Step 2: Configure Install Command

All browsers (Chrome, Edge, and Firefox): 
msiexec /i VelatirExtension.msi API_TOKEN=vltr_yourApiTokenHere ORGANIZATION_NAME="Your Organization" /qn
Specific browsers only (e.g., Chrome and Edge): 
msiexec /i VelatirExtension.msi API_TOKEN=vltr_yourApiTokenHere ORGANIZATION_NAME="Your Organization" ADDLOCAL=Chrome,Edge /qn
Uninstall command: 
msiexec /x VelatirExtension.msi /qn

Step 3: Configure Detection Method

Use a registry-based detection rule to check if the extension is already configured:
SettingValue
HiveHKEY_LOCAL_MACHINE
KeySOFTWARE\Policies\Google\Chrome\3rdparty\extensions\bbiokppljpbjgiogcoggjnfffbeiihja\policy
ValueapiToken
Data TypeString
RuleThe registry setting must exist

Step 4: Deploy

  1. Right-click the application > Deploy
  2. Select the target Device Collection
  3. Set purpose to Required (auto-install) or Available (self-service via Software Center)
  4. Set a deployment schedule and complete the wizard

Updating the API Token

To rotate the API token, re-deploy the MSI with the new value. Reinstalling overwrites the existing registry keys: 
msiexec /i VelatirExtension.msi API_TOKEN=vltr_newTokenHere ORGANIZATION_NAME="Your Organization" /qn
The MSI writes registry keys to force-install the extension from the browser’s official store and configure managed storage with your API token. No files are copied beyond a marker in Program Files\Velatir. Uninstalling removes all registry keys cleanly.

Jamf Pro (macOS)

Chrome Extension

  1. In Jamf Pro, go to Computers > Configuration Profiles > New
  2. Name the profile (e.g., “Velatir Chrome Extension”)
  3. Select Application & Custom Settings > External Applications > Add
  4. Set Source to Custom Schema or Upload
  5. Set Preference Domain to com.google.Chrome
  6. Upload or paste the following plist content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ExtensionInstallForcelist</key>
    <array>
        <string>bbiokppljpbjgiogcoggjnfffbeiihja;https://clients2.google.com/service/update2/crx</string>
    </array>
    <key>3rdparty</key>
    <dict>
        <key>extensions</key>
        <dict>
            <key>bbiokppljpbjgiogcoggjnfffbeiihja</key>
            <dict>
                <key>apiToken</key>
                <string>your-api-token-here</string>
                <key>organizationName</key>
                <string>Your Organization</string>
            </dict>
        </dict>
    </dict>
</dict>
</plist>
  1. Scope the profile to your target computers
  2. Save the configuration profile

Edge Extension

  1. Create a new Configuration Profile
  2. Add Application & Custom Settings > External Applications
  3. Set Preference Domain to com.microsoft.Edge
  4. Use the following plist content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ExtensionInstallForcelist</key>
    <array>
        <string>phgnjcoglpdamjjmidheehacjbkgkooc;https://edge.microsoft.com/extensionwebstorebase/v1/crx</string>
    </array>
    <key>3rdparty</key>
    <dict>
        <key>extensions</key>
        <dict>
            <key>phgnjcoglpdamjjmidheehacjbkgkooc</key>
            <dict>
                <key>apiToken</key>
                <string>your-api-token-here</string>
                <key>organizationName</key>
                <string>Your Organization</string>
            </dict>
        </dict>
    </dict>
</dict>
</plist>
  1. Scope and save the profile

Firefox Extension

Firefox on macOS uses the preference domain org.mozilla.firefox and requires EnterprisePoliciesEnabled to be set to true.
  1. Create a new Configuration Profile
  2. Add Application & Custom Settings > External Applications
  3. Set Preference Domain to org.mozilla.firefox
  4. Use the following plist content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnterprisePoliciesEnabled</key>
    <true/>
    <key>ExtensionSettings</key>
    <dict>
        <key>velatir@velatir.com</key>
        <dict>
            <key>installation_mode</key>
            <string>force_installed</string>
            <key>install_url</key>
            <string>https://addons.mozilla.org/firefox/downloads/latest/velatir/latest.xpi</string>
        </dict>
    </dict>
    <key>3rdparty</key>
    <dict>
        <key>Extensions</key>
        <dict>
            <key>velatir@velatir.com</key>
            <dict>
                <key>apiToken</key>
                <string>your-api-token-here</string>
                <key>organizationName</key>
                <string>Your Organization</string>
            </dict>
        </dict>
    </dict>
</dict>
</plist>
  1. Scope and save the profile
The EnterprisePoliciesEnabled key must be set to true — without it, Firefox ignores all enterprise policy configuration on macOS.

Verification

Windows

  1. Trigger an Intune sync on the device or wait for the scheduled check-in
  2. Verify policies are applied:
    • Chrome: Navigate to chrome://policy and click Reload policies
    • Edge: Navigate to edge://policy and click Reload policies
    • Firefox: Navigate to about:policies
  3. Verify you see:
    • Chrome/Edge: ExtensionInstallForcelist with the Velatir extension ID, and your configured apiToken and organizationName
    • Firefox: ExtensionSettings containing velatir@velatir.com with force_installed mode
  4. Confirm the extension is installed:
    • Chrome: chrome://extensions
    • Edge: edge://extensions
    • Firefox: about:addons (should show “Installed by enterprise policy”)

macOS

  1. After the Jamf profile deploys, verify the plist files exist: 
    # Chrome
ls /Library/Managed\ Preferences/com.google.Chrome.plist

# Edge
ls /Library/Managed\ Preferences/com.microsoft.Edge.plist

# Firefox
ls /Library/Managed\ Preferences/org.mozilla.firefox.plist
  2. Check the applied settings: 
    # Chrome
defaults read /Library/Managed\ Preferences/com.google.Chrome

# Firefox
defaults read /Library/Managed\ Preferences/org.mozilla.firefox
  3. Verify policies in the browser:
    • Chrome: chrome://policy
    • Edge: edge://policy
    • Firefox: about:policies
  4. Confirm the extension is installed:
    • Chrome: chrome://extensions
    • Edge: edge://extensions
    • Firefox: about:addons

Troubleshooting

Extension not installing

  • Windows: Verify the device has synced with Intune. Check Devices > Monitor > Device configuration status
  • macOS: Verify the configuration profile is installed under System Settings > Privacy & Security > Profiles
  • Firefox (macOS): Ensure EnterprisePoliciesEnabled is set to true in the plist — Firefox ignores all policies without it
  • Ensure the browser is installed before the policy applies
  • Check the browser’s policy page for errors (chrome://policy, edge://policy, or about:policies for Firefox)

Configuration not appearing

  • Windows: Remediations run on a schedule. Trigger a manual sync or wait for the next run
  • Windows: Verify the scripts are running in 64-bit PowerShell context
  • macOS: Check that the preference domain matches exactly (com.google.Chrome, com.microsoft.Edge, or org.mozilla.firefox)
  • Firefox (Windows): If using policies.json, check that the file exists at C:\Program Files\Mozilla Firefox\distribution\policies.json — Firefox updates can remove this directory
  • Restart the browser after policy changes

Policy conflicts (Windows)

If multiple Intune profiles configure ExtensionInstallForcelist, they may conflict. Use Remediations instead of Settings Catalog to avoid this issue, as Remediations can check for existing entries and add new ones without overwriting.

32-bit vs 64-bit context (Windows)

Registry changes may be written to WOW6432Node if the script runs in 32-bit context. Always enable Run script in 64-bit PowerShell in your Remediation settings.

Browser Extension Overview

General extension features and manual installation

Get API Token

Set up your Velatir account and get an API token