Configuration Schema
The extension reads its enterprise configuration from a managed storage object with the following fields:| Field | Type | Description |
|---|---|---|
region | string (na, eu, au, mena) | Pre-defined Airia authentication region for the organization |
customAppUrl | string (URL) | Recommended. Your organization’s Airia app URL (e.g., https://app.company.com). The extension automatically discovers the correct API and auth endpoints via .well-known/service-configuration — no need to configure them separately. |
customApiHost | string (hostname) | Deprecated — use customAppUrl instead. Custom API server hostname. |
customAuthHost | string (hostname) | Deprecated — use customAppUrl instead. Custom authentication server hostname. |
lockConfiguration | boolean | Prevents users from changing region or server settings in the extension UI. Defaults to false. |
provisioningApiKey | string | A tenant API key that lets the extension fetch deployments and policies without requiring the user to sign in — enables zero-touch rollout. If a user does sign in with their own account, their credentials take precedence over the provisioned key. |
region, customAppUrl, or the customApiHost + customAuthHost pair. provisioningApiKey can be combined with any of these — it controls authentication, not the instance. If you configure provisioningApiKey alone with none of the above, the extension falls back to the default (na) region, so it’s best paired with an explicit region or customAppUrl.
Deploying on Chrome and Edge
Chrome and Edge (Chromium) read extension managed storage from the3rdparty.extensions.<extension-id> policy key.
Option A: Google Admin Console (Chrome Browser Cloud Management)
- Sign in to the Google Admin Console
- Navigate to Devices → Chrome → Apps & Extensions
- Select the organizational unit to configure
- Find or add the Airia extension by ID
- Open its Policy for extensions field and paste your configuration JSON (see examples below)
- Save — the policy syncs to managed Chrome browsers on their next policy refresh
Option B: Group Policy (GPO) / Intune ADMX
- Install the Chrome ADMX templates (or the Edge equivalent) on your management workstation
- Under Computer Configuration → Administrative Templates → Google Chrome / Microsoft Edge → Extensions, configure Extension management settings, or use the dedicated 3rd party extension management policy
- Add an entry for the Airia extension ID with a
"policy"block containing your configuration JSON - Deploy via GPO or an Intune configuration profile targeting your managed devices
Deploying on Firefox
Firefox reads managed configuration frompolicies.json’s 3rdparty.Extensions.<extension-id> block.
- Generate or hand-edit a
policies.jsonusing the Enterprise Policy Generator extension, or your existing Firefox ADMX/Intune policy deployment - Add a
3rdparty→Extensions→<extension-id>entry containing your configuration JSON - Deploy
policies.jsonto the appropriatedistribution/or platform-specific policy location on managed machines, or push via GPO/Intune ADMX for Firefox
Worked Examples
Pre-defined region
Custom app URL (recommended)
Legacy custom hosts
Zero-touch provisioning
Pre-authenticates the extension using a tenant API key, so users never have to sign in manually. Any user who does sign in with their own credentials will use those instead.3rdparty.extensions or Firefox’s 3rdparty.Extensions).
Verifying Deployment
Once policy has synced to a managed browser:- Install or open the Airia extension
- Click the extension icon — if
lockConfigurationis set, you’ll see a locked configuration screen showing the organization’s region or app URL, with no ability to change it - If
provisioningApiKeyis set, the extension will connect and fetch deployments automatically without prompting for sign-in
Troubleshooting
The extension doesn't pick up the managed configuration
The extension doesn't pick up the managed configuration
- Confirm the extension ID in your policy matches the installed extension’s ID exactly
- Managed storage policies typically require a browser restart or a policy refresh (
chrome://policy→ Reload policies on Chrome/Edge) to take effect - Confirm the policy was actually pushed to the target organizational unit or device group
Which fields take precedence if I configure more than one?
Which fields take precedence if I configure more than one?
customAppUrltakes precedence overregionand overcustomApiHost/customAuthHostif multiple are presentprovisioningApiKeyoperates independently — it controls authentication, not which Airia instance the extension talks to- A signed-in user’s own credentials always take precedence over
provisioningApiKey
Users can still change the region or server settings
Users can still change the region or server settings
Verify
lockConfiguration is set to true (not just present) in the managed policy value, and that the policy has synced — check chrome://policy or Firefox’s about:policies on an affected machine to confirm the value the browser actually received.