Deployment guide for offline mode sync service and browser extension

Offline Mode for Passwords allows approved Users to view data when the IT Glue web application is under maintenance or temporarily unavailable. The feature works by pulling IT Glue passwords on your device through the Windows sync service and allows you to browse this data through the IT Glue Chrome browser extension.

Note The Windows sync service must be installed before adding the Offline Mode Chrome browser extension. An error will appear if you attempt to sign into the browser extension without the sync service. You must set up Offline Mode in the order of the steps below.

System Requirements

The sync service requires the device to run on physical Windows 10 Pro, Windows 11 Pro, or a higher edition. The sync service is not supported on virtual machines.

Note: IT Glue strongly recommends having disk encryption on the device where the extension is being installed. If your device is compromised, it provides additional security to prevent bad actors from accessing the locally stored IT Glue data maintained by the Windows sync service.

Recommended setup

To limit the replication of IT Glue data files across devices, we highly recommend the following setup:

  • Set up a unique Windows profile on the approved device, for each user needing access to the Offline Mode on a single secure server. Users can then set up an instance of the browser extension in Chrome from their profiles and IT Glue data is kept on a single device.
    Note: When Offline Mode access is granted, login is only supported for the user who has set it up. Two different Users cannot configure Offline Mode on the same Windows device.
  • Ensure disk encryption using Microsoft BitLocker is set up on the device where Offline Mode is being installed. If your device is compromised, it provides additional security to prevent bad actors from accessing the locally stored IT Glue data maintained by the Windows sync service.

Enabling Offline Mode for passwords

  1. Log in to IT Glue and navigate to Account > Settings > Offline Mode.
  2. Open and review the Offline Mode 101 and Security Whitepaper articles. This is a mandatory step to help understand the feature.
  3. Toggle the Enable Offline Mode Extension switch to ON.
    Enable_OfflineMode.png
    To confirm you understand the security implementations of the articles, type “I UNDERSTAND” and select Enable.
    I_Understand.png
  4. Under Security Settings, enter the following setting values:
    • Specify the number of days the Offline Mode browser extension can be offline before automatically removing offline data from the device and revoking access.
    • Specify the number of days before receiving a warning email about removing data from the device and revoking access. Automated email to be sent to a user letting them know that the extension will be wiped on the Windows device unless turned on within a configured number of days.
    • Specify the length of time that a user can be inactive before they are logged out of the Offline Mode Chrome browser extension.
      Security_Settings.png

Installing the offline mode browser extension

Note: This is exclusively available for Google Chrome browsers, other web browsers are not supported. The original IT Glue/MyGlue browser extensions cannot be used with Offline Mode for passwords.

  1. Within the Offline Mode tab click Download Extension.
  2. Click + Add to Chrome in the top-right corner.
  3. In the pop-up, click Add extension. The Offline Mode extension icon will now appear in your Chrome extensions.

Once installed, please perform the following actions:

  1. Go to Chrome > Settings > Extensions.
  2. Under Details for IT Glue Offline Mode, move the toggle ON for Allow access to file URLs.

This will fix an issue with your Extension getting stuck in the "Sync in Progress" as it now gives privileges to the extension to communicate with the Offline Mode Sync Service on your local device.

Signing in through the Offline mode extension

For accounts that utilize Single Sign-On (SSO), it's crucial to remain on the same browser tab where the IT Glue application is active during the entire setup. This includes the processes of installing the sync service, logging into the extension for the first time, registering, and logging in within the extension, up until the data synchronization is complete.

  1. Click on the icon to open the extension
    OfflineMode_Extension.png
  2. Login to the extension using your existing IT Glue User credentials to view the Passwords that are obtained through the Windows sync service.

For account's that use Single Sign-On, see Enabling Offline Mode SSO

Installing the Windows Sync Service

Once you have signed into the extension you will be prompted to download the sync service. 

  1. Select Download Sync Service.
    Download_Sync_Service.png
  2. Open the Offline mode installer file on your Windows device and follow the steps shown in the wizard.
  3. Click Let’s Get Started to run the security check. The security check ensures that the device meets the Offline mode security standards.
    Get_Started.png
  4. Ensure the device settings has enabled and updated Disc Encryption, On-Device Malware Protection and System Access (found under Update & Security Settings and Group Policy Management Console).

  5. Once the security check is complete. click Next.
    Note: You cannot move to the next step until the Security Check is successful.
    Security_Check.png

  6. Enter your existing IT Glue Users account region/location, subdomain, email username and password. Select Log In.
    LogIn.png
    Note: If your account has SSO enabled you will be redirected to your SSO provider 
  7. Enter your IT Glue Users authentication code from your MFA app and click Verify.
    Authentication_Code.png
  8. The password sync process will begin. Do not exit this window, sync times may vary depending on the number of Passwords that are syncing.

  9. Once the Windows sync service is successfully installed, a message will state Offline Mode Installation Complete!
    Note: To continue syncing IT Glue passwords to the Chrome Extension, please do not stop or disable the sync service.

Managing Offline mode settings

Administrators can manage the settings in Account > Settings > Offline mode: 

  • Modify Security Settings.
  • Disable Offline Mode and all users with granted access.
  • Revoke individual Users with granted access.

The Offline Mode extension has the following default settings:

  • Removal policy default: 7 days
  • Removal policy email default: 5 days
  • Session length default: 30 minutes

Note: If a user is removed from IT Glue BEFORE the user is revoked from offline mode, that user will continue to have access to old offline mode data until the date removal period is reached.

Viewing active and pending extension instances

Administrators can review the details of all users who have configured the extension and their devices in the Browser Extension Management table. They can expand the rows to view details about the user and device having or requesting extension access.

Browser_Extension_Management.png

Approve an extension access request

Administrators can approve, reject, or revoke extension access by clicking on the tick mark for an instance.

Approve_Extension.png

An email is sent to the administrator when someone has requested access, and the requester will receive a notification email when the access is granted.

Revoke an extension access

Note: Once a user has been revoked, they cannot be re-added to offline mode.

By revoking an instance, the instance of an extension access will no longer be usable (user will be returned to the ‘Configure’ screen after logging in). All IT Glue passwords that synced to the device will be wiped. Administrators can revoke extension access from Account > Settings > Offline Mode by clicking Revoke under the Actions column.

Revoke_Extension.png

Communicating between the extension and IT Glue server

The extension will attempt to synchronize with IT Glue every hour to get the latest user, organization, and password data. You will see a ‘last synced’ stamp on the extension widget with the time of the last successful sync.

The browser extension will communicate with the Windows sync server that the user installed on their device. The Offline Mode Chrome browser extension will display the passwords that were pulled through the Windows sync service.

Handling MFA Resets with IT Glue Offline Mode

Both the IT Glue web application and IT Glue 'Offline' extension share the same MFA/Secret Key. Resetting MFA in IT Glue renders the MFA in offline mode unusable, resulting in an 'Invalid Error' when attempting to log in to the Offline Mode extension. After an MFA reset in IT Glue, it is essential to reinstall IT Glue's sync service. You can accomplish this by navigating to the following drive path: C:/Program Files/IT Glue/IT Glue Offline Mode/itg-offline-mode-installer.msi and reinstalling Offline Mode.

Drivepath.png

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section