Enterprise Deployment via Google Workspace

This guide covers deploying the Noxys browser extension at scale across your organization using Google Workspace (formerly G Suite) administration.

Prerequisites

• Google Workspace super admin or delegated admin access
• Chrome or Chromium-based browsers (Edge, Brave) on managed devices
• Noxys tenant with admin access to generate API tokens
• Google Cloud Console access (for Chrome Enterprise)

Overview

Google Workspace deployment allows you to:

1. Automatically install the Noxys extension on all managed Chrome browsers
2. Pre-configure API tokens so users don't need manual setup
3. Enforce settings like Tier 2 classification and webhook alerts
4. Lock down settings to prevent user modifications
5. Monitor installation across your fleet
6. Manage updates automatically

Step 1: Prepare API Tokens for Bulk Deployment

Before deploying, create API tokens that will be distributed to devices.

Option A: Single Token (All Users Share)

Use one API token for all devices. Simple but less granular:

1. Go to Noxys Dashboard → Settings → API Keys
2. Click + Generate New Token
3. Label it: workspace-deployment-prod
4. Click Generate
5. Copy the token (you'll use it in Workspace configuration)
6. Store it securely in your password manager or secrets vault

Option B: Per-Organizational-Unit Tokens (Better Auditing)

Create separate tokens for each department or location:

1. Go to Noxys Dashboard → Settings → API Keys
2. Click + Generate New Token for each team:
   • workspace-deployment-sales
   • workspace-deployment-engineering
   • workspace-deployment-finance
3. Copy each token and store securely
4. You'll reference the appropriate token per organizational unit in Workspace

Step 2: Add Noxys to Chrome Web Store

First, ensure the Noxys extension is available in the Chrome Web Store for your organization.

1. Go to Google Workspace Admin → Apps → Chrome and browsers
2. Click Users & browsers
3. Search for "Noxys" in the Chrome Web Store
4. Add Noxys to your organization's approved app list

Note: Noxys must be published on the Chrome Web Store. If you're using a self-hosted instance, contact Noxys support for private deployment options.

Step 3: Create Chrome Policy via Google Admin Console

Deploy via Workspace Admin Console

1. Go to Google Workspace Admin → Apps → Chrome and browsers → Users & browsers
2. Click Chrome management
3. Select your organizational unit (or "All"):
   • To deploy to your entire organization: Leave as root OU
   • To deploy to specific departments: Select the OU (e.g., "Engineering", "Sales")
4. Go to User settings → Extension management
5. Find or search for Noxys and click it
6. Set the installation mode:
   • Force install: Extension is automatically installed and user cannot uninstall
   • Allow install: Extension is available but optional
7. Select Force install (recommended for security)

Configure Extension Settings

1. In the same Extension management section, find Extension settings
2. Add the JSON configuration for Noxys:

{
  "api_token": "YOUR_API_TOKEN_HERE",
  "backend_url": "https://api.noxys.cloud",
  "auto_enable_tier2": true,
  "webhook_url": "https://your-siem.com/webhook/noxys",
  "webhook_events": ["policy_violation", "pii_detection"]
}

3. Replace YOUR_API_TOKEN_HERE with your actual token from Step 1
4. Click Save

Deploy to Specific Organizational Units

To deploy different tokens to different departments:

1. Go to Google Workspace Admin → Directory → Organizational units
2. Select your organizational unit (e.g., "Engineering")
3. Go to Apps → Chrome and browsers
4. Repeat the steps above with the department-specific token
5. Repeat for other OUs (Sales, Finance, etc.)

Step 4: Monitor Deployment Status

Check Chrome Device Status

1. Go to Google Workspace Admin → Devices → Chrome devices

2. View your managed Chrome devices

3. Click on a device to see its details

4. Look for the Extensions section to verify Noxys is installed

5. View deployment reports:

   1. Go to Chrome management → Device reports
   2. Select Apps and filter by "Noxys"
   3. View installation status across your fleet

Track Policy Application

1. Go to Chrome management → Policy reports
2. Select User settings
3. Look for Extension management to see which users have the policy applied
4. View devices where the policy failed to apply

Step 5: Verify Extension Installation

After 1-24 hours (typically within 4 hours), verify the extension is installed on managed devices.

On Windows/Chrome

1. Open Google Chrome
2. Go to chrome://extensions/
3. Look for "Noxys" in the list
4. Verify the status is "Enabled"
5. Click the extension to verify API token was pre-configured

On macOS/Chrome

1. Open Google Chrome
2. Click the Chrome menu (three dots, top right) → More tools → Extensions
3. Look for "Noxys"
4. Verify it's enabled

On Linux/Chrome

1. Open Google Chrome
2. Type chrome://extensions/ in the address bar
3. Verify Noxys appears and is enabled

Step 6: Configure Advanced Settings

Enable Tier 2 PII Detection

For deeper classification across your organization:

1. Go to Google Workspace Admin → Chrome and browsers → User settings → Extension settings
2. Edit the Noxys extension configuration
3. Set "auto_enable_tier2": true
4. Save the policy

This enables Presidio and custom recognizers on the backend (~30ms latency per interaction).

Enforce Webhook Alerts

Route all policy violations to your SIEM:

1. In the extension configuration JSON, add:

   {
     "webhook_url": "https://your-siem.com/webhook/noxys",
     "webhook_events": ["policy_violation", "pii_detection"]
   }

2. Save the policy
3. All detected policy violations will be sent to your SIEM in real-time

Disable Offline Mode

If your organization requires always-connected security:

1. In the extension configuration, add:

   {
     "allow_offline_mode": false
   }

2. Extension will not function without backend connectivity

Step 7: Manage Updates

Noxys extension updates are delivered automatically via the Chrome Web Store. Google Workspace doesn't require separate update management.

Verify Devices Are on Latest Version

1. Go to Google Workspace Admin → Devices → Chrome devices
2. View extension versions per device
3. Noxys updates are pushed automatically within 24 hours
4. You can force update check by restarting Chrome on individual devices

Step 8: Manage User Permissions (Optional)

If you want to prevent users from disabling or removing the extension:

1. Go to Chrome management → User settings → Extension management
2. Select Noxys
3. Set Installation mode: Force installed (user cannot remove)
4. Save policy

This prevents users from uninstalling the extension, though they can still disable it temporarily.

Note: Users cannot disable force-installed extensions unless they have local admin rights or disable the Chrome policy.

Troubleshooting

Extension Not Installing on Managed Devices

Problem: Devices are not receiving the Noxys extension after 24 hours.

Solution:

• Verify the organizational unit selection is correct (check root OU vs. specific OU)
• Confirm the device is enrolled and managed (go to Devices → Chrome devices to verify)
• Check the device is connected to the network and can reach Chrome Web Store
• Review the Policy reports to see if the extension policy was applied
• Try restarting Chrome on the device to trigger policy sync
• If still failing, remove the policy, restart Chrome, then re-apply the policy

API Token Not Pre-Configured

Problem: Extension is installed, but users still see "Configure API Token" prompt.

Solution:

• Verify your JSON configuration is valid (use a JSON formatter/validator)
• Confirm the api_token field contains the actual token from Noxys Dashboard
• Check that the configuration was saved (refresh the page to verify)
• Wait 4-24 hours for devices to receive the configuration
• Force policy sync on the device:
  • On Windows: Restart Chrome
  • On macOS: Restart Chrome
• Review device logs for policy application errors

Some Devices Show "Installation Failed"

Problem: Certain devices report extension installation failed.

Solution:

• Check if the device is running Chrome version 90 or later (older versions may not support this deployment method)
• Verify the device is enrolled in Workspace and managed
• Check if the device can access the Chrome Web Store (some corporate proxies block it)
• Try removing the policy, restarting Chrome, then re-applying the policy
• If the problem persists, contact your Workspace support or Noxys support

Users Complaining About Red Icon (Connection Error)

Problem: Extension is installed but shows a red icon indicating connection failure.

Solution:

• Verify the API token in your configuration hasn't been rotated in Noxys Dashboard
• Check that backend_url is correct (should be https://api.noxys.cloud for cloud instances)
• Verify network connectivity to the backend URL (not blocked by corporate proxy/firewall)
• Force policy sync on affected devices
• If still failing, generate a new API token in Noxys Dashboard and update the Workspace policy

Best Practices

1. Use per-organizational-unit tokens for better auditing and token rotation
2. Test with a pilot group (one department) before rolling out organization-wide
3. Enable Tier 2 classification for enhanced PII detection
4. Set up webhook alerts to integrate with your SOC or SIEM
5. Monitor device status weekly in the Chrome device list
6. Rotate API tokens quarterly and deploy new versions via Google Workspace
7. Communicate the rollout to teams, explaining security benefits
8. Document your OU structure to ensure tokens are deployed to correct groups
9. Use force-installed mode only for high-security organizations; allow-install for flexible environments

Integration with Organizational Units

To deploy to your organization's structure:

1. Map your OUs in Google Workspace:

   • Organization > Engineering > Backend
   • Organization > Engineering > Frontend
   • Organization > Sales
   • Organization > Finance

2. Create tokens per OU:

   • workspace-deployment-engineering-backend
   • workspace-deployment-engineering-frontend
   • workspace-deployment-sales
   • workspace-deployment-finance

3. Apply policies to each OU with the corresponding token

4. New employees added to an OU automatically receive the extension with the correct token

Deployment Timeline

• Immediate: Policy is created in Workspace Admin Console
• Within 4 hours: Most devices receive and apply the policy
• Within 24 hours: Nearly all devices have the extension installed
• Ongoing: Updates delivered automatically via Chrome Web Store

Next Steps

• Create Your First Policy
• Admin Console for policy management
• Extension Guide

Need Help?

• Email: support@noxys.eu
• Security Issues: security@noxys.eu
• Workspace Support: Your organization's IT support team