Enterprise deployment

This page is written for an IT administrator at the customer organisation. It covers what you need before you start, how to push Validera to a Google Workspace organisational unit (Chrome) or to a Microsoft Intune device group (Edge), how to verify it landed, what to tell your end users, and how to roll back if you need to.

On this page

Before you start
Path A — Chrome via Google Workspace
Path B — Edge via Microsoft Intune
Fallback — direct Web Store / Add-ons link
Verify the install
Tell your users
Rollback
Support

1. Before you start

Two supported paths depending on the browser + management stack your organisation runs. Both end with the extension force-installed on every targeted machine with no end-user action.

If your team uses…	Use this path
Chrome + Google Workspace (Business Standard / Plus / Enterprise)	Path A — Workspace admin console + Chrome managed-extension policy.
Edge + Microsoft 365 (with Intune device management, or Active Directory Group Policy)	Path B — Intune Settings catalog + Edge managed-extension policy.
Anything else, or a small pilot before full deployment	Fallback — share the direct Web Store / Add-ons link and let users install themselves.

Whichever path you take, tick these off before you start:

Need	How to check
Admin access to your management console	Workspace: super-admin or anyone with Services → Chrome Management. Intune: Intune Administrator or Global Administrator role in Entra ID.
Target user group already defined	Decide which users get Validera — typically the operations / claims team. Both paths let you scope the policy to a single OU (Workspace) or device group (Intune) without touching everyone else.
Tenant API key (audit token)	Your Validera dashboard admin can copy it from `app.validera.io/setup` under Credentials. You will paste this into the managed-storage policy. It is shared across every install in your organisation — do not commit it to a public repo.
End-user emails added in the Validera dashboard	Your Validera dashboard admin must add each target agent at `app.validera.io/setup` with their work email + mobile (E.164). The extension authenticates using the browser-signed-in account email, and matches it against this list. Emails not on the list get an “unknown agent” error and the extension won’t log events.
The Validera extension ID	Same for every customer. Chrome: `lebpalegjdonlohfiglmggjdhpojhocl`. Edge: `njlipfeimoinjclngedhmbgjibncmjdc`.

Time required. About 10 minutes in the admin console, plus a few minutes for the browser to pick up the policy on each user’s machine. Most browsers refresh policies within 5 minutes of next launch; users do not need to reinstall their browser.

2. Path A — Chrome via Google Workspace

This pushes Validera silently to every Chrome browser in the chosen OU. End users see the Validera icon appear in their toolbar within a few minutes; they cannot remove the extension. Future versions auto-update through the Chrome Web Store with no further admin action.

Step 1: force-install the extension

In the Google Workspace admin console at admin.google.com, navigate to Devices → Chrome → Apps & extensions → Users & browsers.
In the OU tree on the left, select the OU that should receive Validera (e.g. Operations / Claims).
Click the yellow + in the bottom-right and choose Add Chrome app or extension by ID.
Paste the Validera extension ID: lebpalegjdonlohfiglmggjdhpojhocl. Leave the location set to From the Chrome Web Store.
In the right-hand panel, set Installation policy to Force install (or Force install + pin to toolbar if you want the Validera icon always visible).

Step 2: push the tenant audit token (managed storage)

Without this step the extension installs but every user sees a “not configured” error and the side panel is blank. Still in the same admin-console panel as Step 1:

Scroll the right-hand panel to Policy for extensions.
Paste the following JSON, replacing <your tenant API key> with the value from app.validera.io/setup → Credentials:

{
  "audit_token": {
    "Value": "<your tenant API key>"
  }
}

Click Save at the top of the panel.

Alternative: push via policy JSON (config-management tools)

If your organisation pushes Chrome policy as JSON via Workspace Sync, Munki, or similar, here are the equivalent fragments. The extension ID is already filled in.

{
  "ExtensionInstallForcelist": {
    "Value": [
      "lebpalegjdonlohfiglmggjdhpojhocl;https://clients2.google.com/service/update2/crx"
    ]
  },
  "3rdparty": {
    "extensions": {
      "lebpalegjdonlohfiglmggjdhpojhocl": {
        "policy": {
          "audit_token": "<your tenant API key>"
        }
      }
    }
  }
}

If you also want to pin the toolbar icon, add an ExtensionSettings block:

{
  "ExtensionSettings": {
    "Value": {
      "lebpalegjdonlohfiglmggjdhpojhocl": {
        "installation_mode": "force_installed",
        "update_url": "https://clients2.google.com/service/update2/crx",
        "toolbar_pin": "force_pinned"
      }
    }
  }
}

3. Path B — Edge via Microsoft Intune

This is the path for organisations running Windows + Edge + Entra ID (Azure AD), managed through Microsoft Intune. The end-state is identical to Path A: Validera force-installed on every targeted device with the audit token pre-configured, no user action required.

Step 1: force-install the extension

In the Intune admin centre at intune.microsoft.com, navigate to Devices → Configuration → Create profile.
Choose Platform: Windows 10 and later and Profile type: Settings catalog. Name it Validera — Edge force-install or similar.
Click Add settings. Search for Microsoft Edge → Extensions → Configure the list of force-installed extensions and enable it.
Add a value of:

njlipfeimoinjclngedhmbgjibncmjdc;https://edge.microsoft.com/extensionwebstorebase/v1/crx

Step 2: push the tenant audit token (managed storage)

Still in Add settings, search for Microsoft Edge → Extensions → Configure extension management settings and enable it.
Enter the following JSON as the value, replacing <your tenant API key> with the key from app.validera.io/setup → Credentials:

{
  "njlipfeimoinjclngedhmbgjibncmjdc": {
    "installation_mode": "force_installed",
    "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
    "toolbar_pin": "force_pinned"
  }
}

Then, to deliver the token itself, add the registry-style policy under Microsoft Edge → Extensions → Third-party extension settings (or set it directly via the Settings catalog path 3rdparty.extensions.njlipfeimoinjclngedhmbgjibncmjdc.policy):

{
  "audit_token": "<your tenant API key>"
}

Step 3: assign + deploy

Click Next through the wizard. On the Assignments page, select the device group(s) that should receive Validera — typically your operations / claims team group.
Click Create to deploy. Intune syncs to Windows devices on the next check-in (usually within an hour; users can force a sync from Settings → Accounts → Access work or school → Info → Sync).

Entra ID accounts and identity attribution. When users sign into Edge with an on-premises Entra ID (Azure AD) account, the browser does not expose the user’s email to the extension by default. The extension detects this and falls back to a one-time self-onboard flow — the user pastes their work email in the side panel on first launch, which is then matched against the agent list you registered in the Validera dashboard. After that first paste, identity is remembered. Plan to mention this in the rollout note to users (see section 6) so the first-time prompt doesn’t catch them off-guard.

4. Fallback — direct Web Store / Add-ons link

If you can’t use Path A or Path B (e.g. you’re running a pilot of 2–3 users, or you’re on a Workspace/M365 tier without managed extensions), each agent can install Validera manually from a direct store URL.

Chrome: https://chromewebstore.google.com/detail/lebpalegjdonlohfiglmggjdhpojhocl
Edge: https://microsoftedge.microsoft.com/addons/detail/validera/njlipfeimoinjclngedhmbgjibncmjdc

Forward the appropriate link to the target users with a short note (template in section 6).
Each user clicks the link and clicks Add to Chrome / Get on Edge.
The extension appears in the toolbar. They click it, paste their tenant audit token once (from the welcome email you send them), and the side panel goes live.

This path requires no admin involvement, but users can remove the extension on their own, and you need to share the audit token with each user out-of-band (Path A/B push it silently via policy).

5. Verify the install

Pick one machine in the target group. Open Chrome (or Edge) and check:

Policy applied. Open chrome://policy (Chrome) or edge://policy (Edge) and click Reload policies. Confirm ExtensionInstallForcelist includes the Validera extension ID (lebpalegjdonlohfiglmggjdhpojhocl for Chrome, njlipfeimoinjclngedhmbgjibncmjdc for Edge).
Toolbar. The Validera icon is present. (If you used the pin option, it’s always visible; otherwise click the puzzle-piece icon and it should appear in the dropdown.)
Side panel. Click the Validera icon. A side panel opens. The footer shows the version number — confirm it matches what your Validera contact told you to expect.
Identity. The extension reads the browser-signed-in profile email, sends it to audit.validera.io, and either:
- Greets the user with the agent’s name — success.
- Shows an “unknown agent” error — the email isn’t in the Validera dashboard. Send the missing email to your Validera dashboard admin to add at app.validera.io/setup.
- Asks the user to paste their email — this happens on Edge with on-premises Entra ID accounts where the browser does not expose the email to extensions. One-time per browser profile.
End-to-end test. Open a known ticket in your ticket system; the side panel should show the claim summary within a few seconds. Then open any listing on a supported booking platform (Airbnb, Booking.com, Stayz, HRS); the side panel should display the booking and a verdict.

If any of the above fails, see section 8.

6. Tell your users

Below is a short note to forward. Customise the bracketed parts.

Subject: Validera is installed on your browser — here’s what it does

Hi team,

We’ve installed a new browser extension called Validera. You should see a small icon in your [Chrome / Edge] toolbar (next to the address bar). If you don’t see it, click the puzzle-piece icon and pin it.

What it does: when you’re on a [ticket system / booking platform] page, Validera checks that what you’re about to book matches the authorised claim — budget, dates, location, accommodation requirements. If something doesn’t line up, you’ll see a warning or block before you confirm the booking. The intent is to catch the kind of expensive mistake that’s easy to make at the end of a long shift.

First-time setup: click the Validera icon. The side panel opens. In most cases it will recognise you automatically using your work [Google / Microsoft] account. If it asks you to paste your work email, do so once — it’ll remember after that.

If something doesn’t work, reply to this email or contact [your internal helpdesk / your Validera contact]. There’s also a short guide at validera.io/docs/using-validera on what the badge colours mean and when an override is appropriate.

Thanks,
[Your name]

7. Rollback

If you need to remove Validera from a user, group, or the whole organisation:

Chrome (Workspace)

Return to Devices → Chrome → Apps & extensions → Users & browsers in the Workspace admin console.
Select the same OU you used during install.
Find Validera in the list of force-installed extensions. Either:
- Change Installation policy from Force install to Allow install — the extension stays present but users can remove it.
- Click the three-dot menu next to Validera and select Remove — Chrome uninstalls Validera from every machine in the OU on next policy refresh.
Click Save.

Edge (Intune)

In Intune, navigate to Devices → Configuration and open the Validera profile you created.
To remove just for a subset of users: change the assignment on the Assignments tab. To remove for everyone: click Delete at the top of the profile, then on the next Intune sync each device’s Edge will uninstall the extension.

Removing the extension does not delete data already sent to Validera. To request data deletion, see /privacy.

8. Support

For deployment issues, the right escalation path is:

Sign-in errors (“unknown agent”, “no tenant”): your Validera contact at support@validera.io — usually an agent record missing in the dashboard.
Extension not appearing after policy was saved: wait 10 minutes; sign-out and back into the browser profile. On Chrome, force a policy refresh from chrome://policy; on Edge, from edge://policy. If still missing, confirm the user is actually in the target OU (Workspace) or device group (Intune), and that no ExtensionInstallBlocklist entry contains Validera or *.
Side panel says “not configured”: the extension installed but the audit_token managed-storage policy didn’t land. Re-check Step 2 of your chosen path — the JSON payload must be assigned to the same OU/device group as the force-install policy, and the token value must match the API key shown at app.validera.io/setup.
Service outages (verdicts not loading, side panel blank): check validera.io/status first. If green, see /support for severity and contact.
Security questions — data flows, encryption, sub-processors: /security. For a full security pack or to complete a vendor questionnaire, email security@validera.io.
Privacy & DPA: /privacy, and privacy@validera.io.