How is the Push browser extension activated after a managed deployment?

When you perform a managed deployment to install the Push browser extension in your environment, there can be a lag until browsers are visible in the Push admin console.

The deployment generally works within minutes to install the browser extension in your environment. You can confirm a successful installation by checking for the presence of the Push extension at chrome://extensions.

However, depending on your browser setup, it may take a little time for the Push extension to identify the user of the browser and complete the browser’s enrollment, thereby activating the extension.

The extension needs to identify the user of the browser in order to complete the enrollment, and it uses the following techniques to do so:

• Checks to see if a user has an open tab for an active Gmail, Microsoft Outlook, or Okta session.

• Checks if there is a user logged into the browser where the extension is installed (e.g. for Chrome or Edge).

• Waits to observe a SAML login from an app that uses a supported identity provider (Okta, Google Workspace, Microsoft 365, JumpCloud, Duo Security, Ping Identity, SAP, or IBM Security Access Manager).

• Waits for an OIDC login for Google Workspace or Microsoft 365.

• Waits for a password login into a recognized work app and observes the company email address of the user that way.

If you are using the automatic licensing option, the extension will identify the user of a browser through any of the above methods, except for the last one (password logins to work apps).

If it’s been a few days since you deployed the extension and you’re not seeing all the browsers you are expecting, you can ask employees to log into their work email account (Google or Outlook), or log into their browser (Chrome and Edge), as applicable.