Extension ID
mbokiighkhdopgedihndpibkincpcgan
Google Chrome: Whitelisting Browser Extensions
Log in to your Google Admin Console at admin.google.com.
From the Admin Console, go to Devices > Chrome > Settings.
Choose the OU for which you want to manage the browser extension (e.g., specific departments or all users).
Under Apps and Extensions > Users & Browsers, look for the Allowed apps and extensions setting.
Add the extension’s ID
Under Force-installed apps and extensions, add the extension’s ID if you want it to install automatically.
Use the format: <extension_id>;https://clients2.google.com/service/update2/crx.
Click Save to enforce the policy.
Ensure users are signed into their managed Chrome browsers for the policy to take effect.
Verify the extension appears for users under the policy and behaves as expected.
Microsoft Edge: Whitelisting Browser Extensions
Access Group Policy Editor:
If using Group Policy, open the Group Policy Management Console.
Locate Edge Policies:
Navigate to Administrative Templates > Microsoft Edge > Extensions.
Enable Extension Management:
Configure the Control which extensions are installed silently policy:
Add the ID of the extension and its update URL (Edge extensions also use the Chrome Web Store’s update URL, https://clients2.google.com/service/update2/crx).
In Group Policy, configure Allow specific extensions and add the extension’s ID.
In Group Policy, link the policy to the appropriate OU.
Ensure the extension is available in Edge for users and functions correctly under the policy.
Google - block/allow-listing specific URLs
Sign in to Google Admin Console at admin.google.com.
Go to Devices > Chrome > Apps & Extensions > Users & Browsers.
Select the OU (Organizational Unit) or group where you want to allow the extension.
Click “Add” > “Add Chrome app or extension by ID”.
For an allow list
For a block list
Set “Blocked Hosts” to whichever hosts you want to block
Click Save.
To verify the policy applies, follow the below instructions
Open a chrome browser where the policy should be applied
Visit chrome://policy
Look for ExtensionSettings and click “show more” to confirm extension restrictions.
Advanced Usage: Use Chrome Enterprise Policies via JSON
It may be possible to apply these policies via MDM if you can set the Chrome Policy JSON file for managed devices with the following (sample) content.
1. Sample Config File
{ "ExtensionSettings": { "mbokiighkhdopgedihndpibkincpcgan": { "runtime_blocked_hosts": ["https://*", "http://*"], // Blocks everything "runtime_allowed_hosts": [ "https://*.lever.co" // allow Lever ] } } }2. Deploy the JSON Policy Using Your MDM
Depending on your MDM platform, apply the policy through Configuration Profiles, Custom Settings, or Group Policies.
Windows (Intune, GPO, Other MDMs)
Use Intune (Microsoft Endpoint Manager) or Group Policy Objects (GPO)
Configure OMA-URI settings or Registry Keys
Apply the JSON policy under: HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
macOS (Jamf, Kandji, Other MDMs)
Deploy the policy as a Managed Preference (plist file) in /Library/Managed Preferences/com.google.Chrome.plist
Use Jamf Configuration Profiles to apply the policy.
Google Workspace (Admin Console)
Navigate to Google Admin Console > Devices > Chrome > Settings
Apply the JSON policy under “Users & Browsers”.
Use the ExtensionSettings field for fine-tuned control.
Linux (MDM or Direct Policy)
Place the JSON file in /etc/opt/chrome/policies/managed/
Restart Chrome to apply policies.
How to confirm the blocklist/allowlist is working properly
When trying to confirm whether the configuration is working properly you will find that the Chrome browser still lists all sites as accessible.
To confirm whether a site is accessible, visit the site and click on the puzzle icon. This will show you which extension have access and which do not.
Example of BrightHire extension having access to Workday
Example of BrightHire extension NOT having access to Workday
Example of Greenhouse and BrightHire only configuration




