Once your Resmo admin triggers an email from the SaaS Directory UI, employees will receive an email from Resmo. After clicking on the link provided in the email, the extension installation process will begin. Recipients can proceed to the related page and install the extension for their browsers.
Resmo then starts using the browser extension to capture employee SaaS logins and shows the collected data on the Apps Dashboard and Employees Dashboard.
Features/Browsers | Chrome | Edge | Brave | Firefox | Safari |
---|---|---|---|---|---|
MDM Support | ✔︎ | ✔︎ | ✔︎ | X | X |
Accessing the history data | ✔︎ | ✔︎ | ✔︎ | ✔︎ | X |
Blocking specific domains | ✔︎ | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
Blocking unauthorized apps | ✔︎ | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
Capturing the logins with web requests | ✔︎ | ✔︎ | ✔︎ | ✔︎ | X |
Capturing the logins with form submissions | X | X | X | X | ✔︎ |
Capturing the logins with SSO | ✔︎ | ✔︎ | ✔︎ | ✔︎ | X |
Showing an organization's password warning | ✔︎ | ✔︎ | ✔︎ | ✔︎ | ✔︎ |
{% hint style="info" %}
- Heartbeat
Every 15 minutes, the extension synchronizes with the server and gets new config data.
- Send History
Every 24 hours, the usages of apps known to Resmo are searched within the browser history, and sent to the server.
- Get Blocked Domains
Every 15 minutes, the blocked domains list is checked to see whether there are any changes in the list.
- Get Unauthorized Apps
Every 15 minutes, the list of apps that are marked as "Unauthorized" within Resmo is checked to see whether there are any changes in the list. {% endhint %}
There are three statuses for the extension, "Success" ("Protected by Resmo" text in the popup), "Failure" ("Extension is not active" text in popup), and "Idle" ("Extension is idle" text in popup).
- If the extension is in "Success" or "Failure" status, the "Sync Now" button in the extension popup can be used to execute all the steps in the "Heartbeat" section. Additionally, if the extension is in "Failure" status, it will try to register itself and transition to "Success" status and start working.
- If the extension is in "Failure" or "Idle" status, every 15 minutes, the extension will automatically try to register itself and try to transition to "Success" status by successfully completing the "Heartbeat" step of the "Sync" section.
- If an error occurs, the extension will transition to "Failure" status, if the browser is MDM managed and the profile should not be monitored, the extension will transition to "Idle" status. In both cases, the following steps in the "Sync" section will not be executed.
- If the extension is in "Success" status, steps in the "Sync" section will be periodically executed. Restarting the browser executes related steps in the "Sync" section, depending on the status of the extension.
- Tracking requests (Chrome & Firefox)
Requests that contain a username/email address & password are tracked and marked as a "login-related request" . If the result is not an error for such requests, login events are sent to the server.
{% hint style="warning" %} Passwords are never sent to the server, however, if the user desires, the hash of the password is sent to the server. This allows Resmo to identify shared password usage for each user. More info on the "Enable Reused Password Detection" section in Settings/Browser Extension. {% endhint %}
- Tracking form submissions (Safari)
username/email address & password information are taken from the webpage once a form action button, in most cases this button is named "Login" , "Submit" , or "Continue" , is clicked. If these values are found, a login event is sent to the server.
{% hint style="warning" %} Passwords are never sent to the server, however, if the user desires, the hash of the password is sent to the server. This allows Resmo to identify shared password usage for each user. More info on the "Enable Reused Password Detection" section in Settings/Browser Extension. {% endhint %}
Logins with Google and Microsoft, in most cases, by clicking a button named "Log in with Google" or "Log in with Microsoft" are tracked and a login event is sent to the server.
If the "Enable Password Strength Tooltip" is selected in Settings/Browser Extension page, users will see a tooltip giving information on the present and missing fields chosen in "Password Policy" section in Settings/Browser Extension page.
Depending on the value of "Warn Users on Unauthorized App Usage" in the Settings/Browser Extension page, an informative element can be seen when navigating to a webpage of an app that is marked as "Unauthorized":
- Disabled: nothing is displayed
- Warning: A yellow banner is displayed on top of the webpage
- Block: A red page is displayed, blocking the contents of the webpage
Access to the listed webpages in the "Domains to Block" section in the Settings/Browser Extension page will be blocked. This section allows users to block webpages that are not listed on the Apps page within Resmo.
Access to the listed webpages in the "Domains to Block" section in the Settings/Browser Extension page will be blocked. This section allows users to block webpages that are not listed on the Apps page within Resmo.
Blocking can be selected as full-page blocking or displaying a banner as a warning. Admin can select the “Warn Users on Unauthorized App Usage“ section on the same page.
- Select the type of blocking users on pages. “Block” means full-page block and “Warning“ means just warn.
- Click on the Block List button and write down domains to block.
Here's an example block list as seen in the image below:
Examples of Block List. Admin blocks the specified domains.
Example 1:
i.e., twitter.com has been blocked
Example 2:
Domains containing "tube" are blocked regardless of their prefix. That’s why youtube.com has been.
Or, Admins can choose to warn the user with a banner instead of the full page warning. Here's an example:
when the user enters twitter.com, just gets a warning with a banner.
Install the extension from the store and it will automatically start working for the browser profiles that use work emails.
- Step A: Go to
“https://browser.resmo.com/extension?token={token}“
- Step B: Install the extension from the store.
- You can either do Step A first and then Step B, or vice versa.
Go to the SaaS Discovery configuration screen and see the Browser Extensions section. There are three options to choose from:
- Copy your installation link: You can use this link to copy your unique installation link and test it before sending it out to everyone.
- Send installation link to everyone: Clicking this button triggers an email that will send the installation link to everyone in your directory integration. By clicking the provided link in the email, recipients can proceed with the installation process.
{% hint style="info" %} You can add more than one browser or browser profile using your token. Once you have installed the extension, the setup process is complete. {% endhint %}
This feature enables you to easily install the Resmo browser extension and begin monitoring your organization's SaaS activity. By adding multiple browsers or profiles, you can customize the monitoring to meet your organization's needs.
You can install Resmo’s browser extension in your organization through several MDM (Mobile Device Management) solution to ensure seamless rollout. There are several ways to install.
- In the Resmo go Settings and Browser Extension page, copy your organization token.
- Navigate to the Google Admin Console.
- Sign in with your administrator account.
- From the Devices section, select "Chrome."
- On the Chrome management page, click on "Apps & extensions."
- Click “Users & Browsers” tab.
- On the right bottom of the page, click the yellow plus (+) button and select “Add Chrome app or Extension by ID”
- In the form, write Resmo’s extension ID, bbccnhenkklbacbmpfbjfpellahdfedp and save.
- You’ll see the Resmo will be added to your list.
- Click on the Resmo logo on the list and in the Installation policy select. “Force Install + pin to browser toolbar”
- In the Policy for extension write your organization token in the format:
{"orgToken": {"Value": "YOUR TOKEN"}}
This method is compatible with most of the MDM solutions for macOS. The following is the sample configuration. Remember to replace REPLACE_ORG_TOKEN
with your organization token, which you can grab from Settings -> Browser Extension page. Bbccnhenkklbacbmpfbjfpellahdfedp is Resmo’s Chrome extension ID, which is hard codded.
- Click the Save button on the top.
- The extension will roll out to your users gradually and you’ll be able to collect.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.google.Chrome</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>ExtensionInstallForcelist</key>
<array>
<string>bbccnhenkklbacbmpfbjfpellahdfedp;https://clients2.google.com/service/update2/crx</string>
</array>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.resmo.chrome.bbccnhenkklbacbmpfbjfpellahdfedp</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>8A2E404C-D67E-4F93-BC04-529F939FABF8</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.google.Chrome.extensions.bbccnhenkklbacbmpfbjfpellahdfedp</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>orgToken</key>
<string>REPLACE_ORG_TOKEN</string>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.resmo.chrome.D658A52D-317C-4D10-A45E-D2CE72B33566</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>D658A52D-317C-4D10-A45E-D2CE72B33566</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>Automatic enrollment for Resmo chrome extension</string>
<key>PayloadDisplayName</key>
<string>Resmo Chrome Extension</string>
<key>PayloadIdentifier</key>
<string>com.google.Chrome.extensions.bbccnhenkklbacbmpfbjfpellahdfedp</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>FEE7D91B-5977-4979-BD0C-E077484699F3</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Coming soon.