Get in Touch
Back to main blog page
Google Chrome logo

Managing Google Chrome on macOS with a Config Profile

A client recently asked us set a few default Google Chrome settings for new Mac users.  After a bit of testing, we found that it is actually pretty easy managing Google Chrome on macOS with a config profile.  In this blog I'll share where to get the list of available settings, and how to use them in a custom config profile.

 

Where to get the list of available options

The list of options can be found here: http://www.chromium.org/administrators/policy-list-3

The page explains each of the options, like "HomepageLocation" and then lists the correct setting name for Windows, Chrome OS, macOS and Linux.

In the case of a HomepageLocation for macOS, we'd be interested in this section:

Mac/Linux preference name:

HomepageLocation

 

Putting the setting into a config profile

If you wanted to store the HomepageLocation in a config profile, you will want to store it in the PayloadContent section:

<key>PayloadContent</key>
<dict>
	<key>com.google.Chrome</key>
	<dict>
		<key>Forced</key>
		<array>
			<dict>
				<key>mcx_preference_settings</key>
				<dict>
					<key>HomepageLocation</key>
					<string>https://moof-it.co.uk</string>
				</dict>
			</dict>
		</array>
	</dict>
</dict>

After you have saved the config profile, upload it to your MDM server and deploy to your Macs.

 

Some interesting settings we used

On the most recent project, we set a few interesting settings using this method:

  • Configuring single sign-on with ADFS for specific domains
  • Setting specific plugins to install on first launch

 

Single sign-on with ADFS

We set this with two keys, AuthNegotiateDelegateWhitelist & AuthServerWhitelist.  Here is the example:

<key>PayloadContent</key>
<dict>
	<key>com.google.Chrome</key>
	<dict>
		<key>Forced</key>
		<array>
			<dict>
				<key>mcx_preference_settings</key>
				<dict>
					<key>AuthNegotiateDelegateWhitelist</key>
  					<string>*.moof-it.co.uk,*.office.com</string>
					<key>AuthServerWhitelist</key>
  					<string>*.moof-it.co.uk,*.office.com</string>
				</dict>
			</dict>
		</array>
	</dict>
</dict>

Once the user logged in with their AD account, and had a valid Kerberos ticket, they had single sign-on to their ADFS integrated sites.
 

Setting specific plugins to install on first launch

In this example, we are using the LastPass extension, but the method can be applied to any other plugin you want to install:

<key>PayloadContent</key>
<dict>
	<key>com.google.Chrome</key>
	<dict>
		<key>Forced</key>
		<array>
			<dict>
				<key>mcx_preference_settings</key>
				<dict>
					<key>ExtensionInstallForcelist</key>
					<array>
						<string>hdokiejnpimakedhajhdlcegeplioahd;https://clients2.google.com/service/update2/crx</string>
					</array>
				</dict>
			</dict>
		</array>
	</dict>
</dict>

In this case, the unique identifier for the LastPass extension is "hdokiejnpimakedhajhdlcegeplioahd".  You can find out the identifier for other extensions by installing them in Chrome on a Mac, and finding them in ~/Library/Application Support/Google/Chrome/Default/Extensions.

The URL "https://clients2.google.com/service/update2/crx" stays the same.  You just need to change the unique identification string before it.

To add multiple extensions, add more lines inside the array.

Other Articles

Multi-Factor Authentication and why it’s absolutely needed in your business!
20th August 2019

What is MFA? Multi-Factor Authentication (sometimes referred to as 2-Factor Authentication) is an enhanced security…

blog img
Suppressing auto-update checks for Microsoft Visual Studio Code for Mac
15th January 2018

Released back in March 2016, Visual Studio is Microsoft's own offering for Code editing, for…

blog image
MacAD UK 2018 – Shields up, Captain?
21st February 2018

Update, 2018.03.30: Added link to YouTube Video Hi All, I had the pleasure of delivering…

What’s changed in the new CIS Benchmarks for Catalina and Mojave?
9th April 2020

As some of you may have spotted, CIS (https://www.cisecurity.org/) released new security benchmarks for Catalina…

How to hide your Desktop icons during a presentation
13th January 2020

If you have ever presented from your Mac and showed the full contents of your…

About moof IT

moof IT are an Apple focused IT company providing a full range of services to over 150 clients including user support, device management, infrastructure and security.

Contact Info

Tel: 0203 983 4444

Email: hello@moof-it.co.uk

London: 1st Floor 20 Noel Street London W1F 8GW

Manchester: The Sharp Project, Thorp Rd, Manchester M40 5BJ

Surrey: Unit 9B, Southbridge House, Southbridge Place, Croydon CR0 4HA

Social Media