Skip to main content
Documentation

Enterprise Deployment Guide

Quick Start (Recommended)

For most enterprise deployments:

  1. Force-install the extension via Google Workspace or Microsoft Intune.
  2. Configure managed policy and pre-grant host permissions for your Genesys Cloud region. Two snippets go into your ExtensionSettings policy — the managed policy values: 
    {
  "organizationName": "your-org",
  "region": "your-region"
}
    and the host permissions array (replace mypurecloud.com with your Genesys Cloud region — see Valid Region Values): 
    "runtime_allowed_hosts": [
  "*://apps.mypurecloud.com",
  "*://login.mypurecloud.com",
  "*://api.mypurecloud.com",
  "*://api-downloads.mypurecloud.com"
]
    The grantRegionPermissions field already defaults to true, so you do not need to add it explicitly unless you want to disable auto-granting.

This results in a fully silent deployment with no user interaction required.

The extension will be installed automatically and will be ready to use without any user configuration.

For detailed configuration and platform-specific instructions, see the sections below.

Choose your platform

Chrome Google Workspace Edge Microsoft Intune

Sections below the platform guides (Policy Reference, Host Permissions, Troubleshooting, Examples) apply to both platforms.

Overview

This guide covers how to deploy Mediabriz across your organization using Google Workspace (Chrome) or Microsoft Intune (Edge). It includes extension installation, managed policy configuration, host permissions, and troubleshooting.

Deployment Method Windows macOS Linux ChromeOS
Google Workspace (Chrome)
Microsoft Intune (Edge) - -

What Is Being Deployed

Mediabriz is a browser extension deployed to end-user browsers (Chrome or Edge) and managed centrally by IT administrators.

Installation

The extension is installed via browser management policies (Google Workspace or Microsoft Intune). It runs within the browser context and is not designed to install or execute system-level components. No desktop agents or additional client software are required.

Configuration

After installation, the extension is configured using enterprise managed policies. Configuration includes the organization name, Genesys Cloud region, and optional settings such as feature toggles and custom domains.

The extension can be configured to operate on supported domains, including Genesys Cloud and organization-defined custom domains.

Users must authenticate via Genesys Cloud to use Mediabriz functionality.

Prerequisites

  • Active Mediabriz subscription - ensure your organization has an active Mediabriz subscription provisioned. Contact us if you have not completed onboarding.
  • Genesys Cloud region - the region domain where your organization is hosted (e.g., mypurecloud.com for US East). See the Valid Region Values table below.
  • Admin console access - Google Workspace Admin Console (Chrome) or Microsoft Intune admin center (Edge).
  • Extension ID - Edge: bpdjeihgofhpojeghkomckhgahioiomo. Chrome: dojbgeididmgnlieckgekbfdncaamhbm. See Get the Extension below.
  • Network access - ensure Mediabriz and Genesys Cloud domains are reachable through corporate firewalls and proxies (HTTPS, port 443). See Network Requirements for the full list of required domains.

Get the Extension

The Mediabriz extension is available on the Chrome Web Store (for Chrome) and the Edge Add-ons store (for Edge). For enterprise deployments, install it via browser policy rather than manually - see the platform-specific sections below.

For individual (non-managed) installs, users can install the extension directly from the store.

Browser Extension ID Store Link
Microsoft Edge bpdjeihgofhpojeghkomckhgahioiomo View on Edge Add-ons
Google Chrome dojbgeididmgnlieckgekbfdncaamhbm View on Chrome Web Store
Note: Chrome and Edge have different extension IDs for the same extension. Use the correct ID for your target browser throughout the deployment configuration.

Google Workspace Deployment

Applies to: Chrome on Windows, macOS, Linux, and ChromeOS

Platform: The same Admin Console configuration applies to Chrome on Windows, macOS, Linux, and ChromeOS.

  1. Open Google Admin Console at admin.google.com.

  2. Navigate to Chrome Management - Devices > Chrome > Apps & Extensions > Users & browsers.

  3. Select Organizational Unit - choose the OU where you want to deploy.

  4. Add the Extension - click +, select Add from Chrome Web Store, and enter the Mediabriz extension ID: dojbgeididmgnlieckgekbfdncaamhbm.

  5. Set Installation Policy to Force install.

  6. Configure Managed Policy - scroll to Policy for extensions and paste the JSON configuration. Replace acme-corp with your Genesys Cloud organization short name and mypurecloud.com with your region domain (see Valid Region Values):

    {
  "organizationName": "acme-corp",
  "region": "mypurecloud.com"
}

    See Managed Policy Reference for all available fields.

  7. Save. The extension deploys on the next Chrome sync (typically within minutes).

Alternative: JSON-Based Policy

For organizations managing Chrome policies via MDM or file-based configuration, use the ExtensionSettings policy. The runtime_allowed_hosts entries below show the four mypurecloud.com (US East) subdomains as an example — replace them with the four apps./login./api./api-downloads. subdomains for your Genesys Cloud region (see Valid Region Values and Host Permissions):

{
  "dojbgeididmgnlieckgekbfdncaamhbm": {
    "installation_mode": "force_installed",
    "update_url": "https://clients2.google.com/service/update2/crx",
    "runtime_allowed_hosts": [
      "*://apps.mypurecloud.com",
      "*://login.mypurecloud.com",
      "*://api.mypurecloud.com",
      "*://api-downloads.mypurecloud.com"
    ]
  }
}

Managed storage is configured separately via the 3rdparty.extensions.dojbgeididmgnlieckgekbfdncaamhbm.policy key. See Chrome Enterprise policy documentation.

Microsoft Intune (Edge) Deployment

Applies to: Edge on Windows and macOS

Tip: For most deployments, only Step 2 (force-install + host permissions) and Step 3 (managed storage configuration) are required.
Important: Edge managed storage (chrome.storage.managed) is configured through OS-level policies (Windows Registry or macOS plist), not through the ExtensionSettings JSON. This requires two separate profiles: one for force-install + host permissions, and one for managed policy values.

  1. Sign in to Intune at intune.microsoft.com.

  2. Create Force-Install + Host Permissions Profile

    • Go to Devices > Manage devices > Configuration > Create > New policy.
    • Select platform (Windows 10 and later or macOS), profile type: Settings catalog.
    • Search for Configure extension management settings under Microsoft Edge > Extensions.
    • Add the ExtensionSettings JSON below to force-install the extension and pre-grant host permissions. The runtime_allowed_hosts entries show the four mypurecloud.com (US East) subdomains as an example — replace them with the four apps./login./api./api-downloads. subdomains for your Genesys Cloud region (see Valid Region Values and Host Permissions):
    {
  "bpdjeihgofhpojeghkomckhgahioiomo": {
    "installation_mode": "force_installed",
    "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
    "runtime_allowed_hosts": [
      "*://apps.mypurecloud.com",
      "*://login.mypurecloud.com",
      "*://api.mypurecloud.com",
      "*://api-downloads.mypurecloud.com"
    ]
  }
}

  3. Create Managed Storage Profile

    Edge reads managed extension configuration from OS-level policies. The mechanism differs by platform.

    Reminder: All registry, PowerShell, and plist examples in the Windows and macOS sub-sections below show mypurecloud.com (US East) as the region value. Replace it with your organization’s actual region domain from the Valid Region Values table.

    Windows - Registry

    Write managed storage values to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\bpdjeihgofhpojeghkomckhgahioiomo\policy
    Registry Value Name Type Data
    organizationName REG_SZ acme-corp
    region REG_SZ mypurecloud.com
    grantRegionPermissions REG_DWORD 1

    Deploy via Intune using a Custom profile with OMA-URI entries, a PowerShell remediation script, or the Settings catalog. See Microsoft's documentation.

    Example PowerShell script:

    $regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\bpdjeihgofhpojeghkomckhgahioiomo\policy"
New-Item -Path $regPath -Force | Out-Null
Set-ItemProperty -Path $regPath -Name "organizationName" -Value "acme-corp" -Type String
Set-ItemProperty -Path $regPath -Name "region" -Value "mypurecloud.com" -Type String
Set-ItemProperty -Path $regPath -Name "grantRegionPermissions" -Value 1 -Type DWord

    Setting array values (e.g., customDomains) in registry:

    Array-type fields require numbered subkeys under the field name. For example, to set customDomains with two entries:

    HKLM:\...\policy\customDomains\1  REG_SZ  "*.salesforce.com"
HKLM:\...\policy\customDomains\2  REG_SZ  "crm.acme-corp.com"

    macOS - Property List (plist)

    Edge on macOS reads managed extension policies from per-extension plist files, not from the main com.microsoft.Edge plist. The plist file must be named com.microsoft.Edge.extensions.bpdjeihgofhpojeghkomckhgahioiomo.plist, with policy values placed directly in the root <dict> (no 3rdparty/extensions/policy nesting).

    Note: This differs from Chrome on macOS, which uses a nested structure under com.google.Chrome. Edge Beta and Dev channels use com.microsoft.Edge.Beta.extensions.bpdjeihgofhpojeghkomckhgahioiomo and com.microsoft.Edge.Dev.extensions.bpdjeihgofhpojeghkomckhgahioiomo respectively.
    <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>organizationName</key>
  <string>acme-corp</string>
  <key>region</key>
  <string>mypurecloud.com</string>
  <key>grantRegionPermissions</key>
  <true/>
</dict>
</plist>

    Setting array values (e.g., customDomains) in plist:

    Array-type fields use the <array> element:

    <key>customDomains</key>
<array>
  <string>*.salesforce.com</string>
  <string>crm.acme-corp.com</string>
</array>

    In Intune: Devices > Manage devices > Configuration > Create > New policy > macOS > Templates > Custom, set preference domain to com.microsoft.Edge.extensions.bpdjeihgofhpojeghkomckhgahioiomo. See Microsoft's Edge on macOS documentation and the TechCommunity discussion on Edge extension managed storage.

    Known limitation: Some administrators have reported that Edge on macOS does not always reliably deliver managed storage values to extensions. If managed configuration does not appear after deployment, verify the plist file name matches the extension ID exactly and check edge://policy for policy delivery status.

  4. Assign to Device Groups - add target device or user groups to all profiles, then Save.

  5. Deploy - profiles apply on the next Intune sync. Users will see the extension installed with the organization pre-configured.

Managed Policy Reference

Applies to: Chrome and Edge

Mediabriz reads enterprise configuration from chrome.storage.managed. The full JSON policy is shown below, followed by field-level documentation.

Full JSON Policy

The snippet below shows every supported field with example values. organizationName and region are required and must be replaced with your organization’s actual short name and Genesys Cloud region domain — mypurecloud.com (US East) is shown only as an example; see Valid Region Values for the complete list. All other fields are optional and shown with their defaults.

{
  "organizationName": "acme-corp",
  "region": "mypurecloud.com",
  "customDomainEnabled": false,
  "customDomainMode": "addition",
  "customDomains": [],
  "searchEnabled": true,
  "searchByIdEnabled": true,
  "searchByDetailsEnabled": true,
  "exportPdfEnabled": true,
  "mediaDownloadEnabled": true,
  "countryCodeOverrideEnabled": false,
  "countryCodeOverride": "us",
  "timeFormatOverrideEnabled": false,
  "timeFormatOverride": "24h",
  "appLanguage": "en",
  "grantRegionPermissions": true,
  "grantCustomDomainPermissions": true
}

Field Reference

Organization Settings

Field Type Required Description
organizationName string Required Genesys Cloud organization short name (lowercase).
region string Required Genesys Cloud region domain. Must match a value from the Valid Region Values table.

Valid Region Values

Region Domain
US East (N. Virginia)mypurecloud.com
US West (Oregon)usw2.pure.cloud
Canada (Central)cac1.pure.cloud
South America (São Paulo)sae1.pure.cloud
Mexico (Central)mxc1.pure.cloud
US East 2 (Ohio) - FedRAMPuse2.us-gov-pure.cloud
Europe (Frankfurt)mypurecloud.de
Europe (Dublin)mypurecloud.ie
Europe (London)euw2.pure.cloud
Europe (Zurich)euc2.pure.cloud
Middle East (UAE)mec1.pure.cloud
Asia Pacific (Mumbai)aps1.pure.cloud
Asia Pacific (Osaka)apne3.pure.cloud
Asia Pacific (Seoul)apne2.pure.cloud
Asia Pacific (Singapore)apse1.pure.cloud
Asia Pacific (Sydney)mypurecloud.com.au
Asia Pacific (Tokyo)mypurecloud.jp
Examples convention used throughout this guide: The JSON, registry, PowerShell, and plist snippets in the deployment, host-permissions, and configuration sections below use mypurecloud.com (US East — N. Virginia) as the example Genesys Cloud region. This is for illustration only — Mediabriz supports all 17 Genesys Cloud regions listed in the table above. When applying any example to your deployment, replace mypurecloud.com (and the four apps./login./api./api-downloads.mypurecloud.com subdomains derived from it) with your organization’s actual region domain. Examples that intentionally show a different region (such as mypurecloud.de for the Full Configuration walk-through) are explicitly labeled as such.
FedRAMP / GovCloud: use2.us-gov-pure.cloud (US East 2 - Ohio) is supported end-to-end: content scripts inject on apps.use2.us-gov-pure.cloud, login-redirect detection recognizes login.use2.us-gov-pure.cloud, and the Mediabriz API allowlists accept *.us-gov-pure.cloud media URLs.

Custom Domain Settings

Field Type Default Description
customDomainEnabled boolean false Enable the extension on custom domains in addition to (or instead of) Genesys Cloud domains.
customDomainMode string "addition" "addition" = both custom and Genesys Cloud domains. "alternative" = custom domains only.
customDomains array [] Custom domains where the extension should run. Supports wildcards (e.g., *.salesforce.com). Max 10.
Note on customDomains format (managed values are stored verbatim): Values pushed via enterprise policy (ExtensionSettings JSON, Windows Registry, macOS plist) are stored byte-for-byte verbatim — they are not auto-rewritten. To cover an apex AND its subdomains in a single entry, write the wildcard form explicitly (e.g., *.acme.com, not acme.com). An apex-only entry like acme.com requests the host permission for https://acme.com/* only, and Chrome does not extend that grant to subdomains, so the extension would silently fail to load on app.acme.com, crm.acme.com, etc. The end-user settings UI in the extension auto-rewrites apex inputs (e.g., a user typing acme.com) to *.acme.com for convenience, but managed-policy values never receive this transform — admins keep full control over the string they push.

Feature Toggles

Field Type Default Description
searchEnabled boolean true Show the Search option in the extension menu.
searchByIdEnabled boolean true Allow searching conversations by conversation ID.
searchByDetailsEnabled boolean true Allow searching conversations by participant details.
exportPdfEnabled boolean true Show the PDF export button in the messages timeline view.
mediaDownloadEnabled boolean true Allow users to download, export, drag-out, or snapshot media items. Set to false to prevent media exfiltration: download buttons (tile menus, mini and full previews, compare modals, dedicated viewer pages), drag-and-drop to desktop, video snapshots, and edit/export tools in image and PDF previews are all disabled with a tooltip explaining the policy. Note: Office file previews (Word, Excel, PowerPoint) render in Microsoft's Office Online viewer (view.officeapps.live.com) inside a cross-origin iframe; its toolbar contains a download button that is outside the extension's control. Organizations that need to fully block Office downloads should pair mediaDownloadEnabled: false with a network-level block on view.officeapps.live.com or rely on Genesys Cloud's role-based permissions to restrict who can access these attachments.

Regional Preferences

Field Type Default Description
countryCodeOverrideEnabled boolean false Override the auto-detected country code for phone number formatting.
countryCodeOverride string - ISO 3166-1 alpha-2 code (e.g., "us", "de"). Only applies when countryCodeOverrideEnabled is true.
timeFormatOverrideEnabled boolean false Override the browser's default time format.
timeFormatOverride string "24h" "24h" or "12h". Only applies when timeFormatOverrideEnabled is true.
appLanguage string "en" UI display language. Currently "en" (English).

Permission Settings

Field Type Default Description
grantRegionPermissions boolean true Auto-request host permissions for the configured region at startup.
grantCustomDomainPermissions boolean true Auto-request host permissions for configured custom domains at startup.

Host Permissions

Applies to: Chrome and Edge

Mediabriz requires browser host permissions to operate on specific domains. These permissions determine where the extension is active and able to interact with page content.

Required Origins Per Region

For each region, the extension needs access to 4 subdomains. Each domain serves a specific function required for full operation (UI rendering, authentication, API access, and media retrieval). Replace <region> with the domain from the Valid Region Values table:

  • *://apps.<region> - Genesys Cloud UI (toolbar injection)
  • *://login.<region> - OAuth authentication
  • *://api.<region> - API calls
  • *://api-downloads.<region> - Media file downloads

All listed domains are required for full functionality. Missing permissions may result in partial or non-functional behavior.

Example for US East (mypurecloud.com): *://apps.mypurecloud.com, *://login.mypurecloud.com, *://api.mypurecloud.com, *://api-downloads.mypurecloud.com.

Granting Permissions

Method 1 - Allow hosts via browser policy (recommended): Configure runtime_allowed_hosts in the ExtensionSettings JSON to declare which hosts the extension is permitted to access. This ensures the hosts are not blocked by enterprise policy restrictions and allows the extension to obtain permissions silently when combined with Method 2. This is the recommended approach for enterprise deployments. See the Google Workspace and Intune sections above for examples.

Method 2 - Programmatic request: The managed config fields grantRegionPermissions and grantCustomDomainPermissions (both default true) tell the extension to call chrome.permissions.request() on startup. For force-installed extensions with runtime_allowed_hosts configured (Method 1), this request completes silently without a user prompt. Without Method 1, this call may require a user gesture in some browser versions and could trigger a prompt or fail silently.

Recommendation: Use both methods together for a fully silent deployment. Configure runtime_allowed_hosts in the browser policy (Method 1) to allow the extension to access the required hosts. Keep grantRegionPermissions: true and grantCustomDomainPermissions: true in the managed config (Method 2) to trigger the programmatic permission request at startup, which completes silently when Method 1 is in place.

What Users Will See

Applies to: Chrome and Edge

  • Fields set by the admin appear as read-only with a "Managed by your organization" label.
  • Fields not set by the admin remain editable by the user.
  • If organizationName and region are both managed, users do not need to configure anything - the extension is ready to use immediately.

Live Policy Updates

As of v6.3.43, managed policy changes (region, feature toggles, custom domains, regional preferences) are picked up on the next browser policy sync without requiring an extension or browser restart. The extension subscribes to chrome.storage.onChanged for the managed namespace and, on every change, it re-reads the managed values, re-runs auto-grant for any newly-required host permissions, and broadcasts a refresh to all open tabs so the menu, time format, country code, download policy, and search visibility update in place.

If a newly-managed region or custom domain requires host permissions that the user has not yet granted, the extension auto-requests them. For a fully silent grant, ensure the corresponding origins are listed under runtime_allowed_hosts in the browser ExtensionSettings policy.

Security & Privacy

Data Flow Overview

Mediabriz is a browser-based application that integrates with Genesys Cloud services.

  • Interaction metadata is retrieved from Genesys Cloud APIs
  • Media files are fetched from Genesys Cloud media endpoints
  • The Mediabriz backend is used for:
    • Organization validation
    • Feature configuration
    • Optional processing (e.g., media analysis)

Mediabriz is not designed to proxy Genesys Cloud traffic.

Mediabriz is not designed to persist or store full conversations or customer media outside temporary processing required for the Service.

Activation Scope

The extension is designed to be active on:

  • The configured Genesys Cloud region domains
  • Optional administrator-defined custom domains

It is not designed to run on unrelated websites.

Mediabriz is designed to operate within the permissions of the logged-in user and is not designed to elevate or bypass Genesys Cloud access controls.

Troubleshooting

Applies to: Chrome and Edge

Policy Not Applied (Chrome and Edge)

  • Navigate to chrome://policy (Chrome) or edge://policy (Edge) and search for the extension ID.
  • Force a policy refresh from the admin console or wait for the next sync interval.
  • Verify the user's device is in the targeted OU or group.
  • Validate the policy JSON with a JSON linter.

Extension Not Installed (Chrome and Edge)

  • Confirm the ExtensionSettings JSON has "installation_mode": "force_installed" and the correct update_url.
  • Check that the extension ID is correct.
  • Verify the profile is assigned to the correct device or user group.

Extension Not Activating (Chrome and Edge)

  • Ensure organizationName is lowercase.
  • Verify region matches one of the valid values in the Valid Region Values table.
  • Check that the organization has an active subscription.

Invalid Managed Values Ignored (Chrome and Edge)

If a managed region value is not in the supported region list, the extension logs [MANAGED] Invalid region in policy, ignoring value: <value> and falls back to the user-set value (or remains unconfigured). The same applies to customDomainMode (only "addition" / "alternative" are accepted) and timeFormatOverride (only "24h" / "12h" are accepted). This is intentional fail-safe behavior - a typo in policy will not silently route the extension to the wrong API endpoint or mis-lock the configuration UI.

Inspect the extension's background service-worker console (chrome://extensions > Mediabriz > Inspect views: service worker) and search for [MANAGED] Invalid warnings to identify which value was dropped.

Extension Installed but UI Not Visible (Chrome and Edge)

  • Verify host permissions are granted for the active domain.
  • Ensure the user is accessing a supported domain.
  • Confirm the configured region matches the environment.

Host Permission Issues (Chrome and Edge)

  • Verify permissions at chrome://extensions (or edge://extensions) > Mediabriz > Details > Site access.
  • Ensure runtime_allowed_hosts in the browser policy includes all 4 region subdomains.
  • If grantRegionPermissions is false, permissions must be granted via policy or manually by the user.

Organization Validation Failures (Chrome and Edge)

  • Verify network connectivity to api.mediabriz.com (US) or eu.api.mediabriz.com (EU).
  • Confirm the organization name and region match the values configured during onboarding.
  • Contact us if the organization is not found or has been suspended.

Viewing Extension Logs (Chrome and Edge)

  1. Navigate to chrome://extensions (or edge://extensions).
  2. Enable Developer mode.
  3. Find Mediabriz and click Inspect views: service worker.
  4. Check the Console tab for [MANAGED] prefixed log messages.

Configuration Examples

Applies to: Chrome and Edge

Minimal Configuration

The simplest deployment requires only the organization name and region. All other settings use their defaults. The example below uses mypurecloud.com (US East) — replace with your region from the Valid Region Values table.

{
  "organizationName": "acme-corp",
  "region": "mypurecloud.com"
}
  • Activates the extension for acme-corp on US East.
  • All feature toggles use defaults (enabled).
  • Users can configure custom domains and preferences themselves.

Full Configuration

A fully locked-down deployment with all fields managed by the administrator. This example uses mypurecloud.de (Europe Frankfurt) to illustrate that any of the 17 supported regions can be used — replace with your region from the Valid Region Values table.

{
  "organizationName": "acme-corp",
  "region": "mypurecloud.de",
  "customDomainEnabled": true,
  "customDomainMode": "addition",
  "customDomains": [
    "*.salesforce.com",
    "crm.acme-corp.com"
  ],
  "searchEnabled": true,
  "searchByIdEnabled": true,
  "searchByDetailsEnabled": false,
  "exportPdfEnabled": true,
  "mediaDownloadEnabled": false,
  "countryCodeOverrideEnabled": true,
  "countryCodeOverride": "de",
  "timeFormatOverrideEnabled": true,
  "timeFormatOverride": "24h",
  "appLanguage": "en",
  "grantRegionPermissions": true,
  "grantCustomDomainPermissions": true
}
  • Activates on Europe (Frankfurt) with two custom domains in "addition" mode.
  • Disables search by participant details; all other features enabled.
  • Disables media downloads - download buttons, drag-and-drop to desktop, video snapshots, and image/PDF edit-export are all turned off across the UI to prevent media exfiltration. (Office file previews rendered through Microsoft's Office Online viewer expose their own download button which is outside the extension's control - see the mediaDownloadEnabled row in the Field Reference for details.)
  • Forces German phone formatting and 24-hour clock.
  • Auto-requests host permissions for both region and custom domains.
  • All fields are read-only for end users.

For deployment questions or technical assistance, visit our Support Center or contact us.