How Swif’s Browser Extension Works With the MDM Agent

Updated today

This article explains how Swif’s browser extension behaves on its own and how it expands when paired with the Swif MDM agent, including the dual-auth model, PII monitoring, upload restrictions, and shared accounts (password vault).

Overview

Swif’s browser extension and MDM agent are designed to work closely together:

  • Browser extension – controls what happens in the browser (web app access, blocking, detections, and shared credentials).

  • MDM agent – provides device-level identity and context (managed device, assigned employee, and device-scoped policy controls).

Many newer security features rely on device context. Without MDM, the extension still works, but a subset of features remains silently inactive.


Dual Auth Model: How Features Are Enabled

Swif supports two main paths:

1. Employee / Device Path (MDM-Enrolled Devices)

On a properly enrolled MDM device:

  • The extension can associate activity with the managed device and its assigned employee.

  • Employees do not need to log in to the extension for core protections to work.

  • On these devices, the following can run without user login:

    • Blocklist (site/app blocking)

    • Access tracking

    • Sign-up detection

    • PII monitoring

    • Upload restrictions

    • Sensitive app tracking

    • Device-scoped policies

    • Shared account/credential usage (subject to policy)

2. Admin / Supporter Path (Extension Login)

  • Admins, IT, and supporter roles log in to the extension when they need management, support, or investigative capabilities.

  • On non-MDM devices, employees must log in for the extension to:

    • Apply blocklists

    • Track access

    • Detect sign-ups

Key point:

  • MDM-enrolled devices: Most protections work automatically via the device/employee association, even if the employee never logs into the extension.

  • Non-MDM devices: Login to the extension is required for basic protections; advanced device-scoped features remain inactive.


What You Get With and Without MDM

| Feature | MDM-Enrolled Device (No Extension Login Required) | Non-MDM Device (Requires Extension Login) | Needs MDM? | What Users Will Notice |
|---|---|---|---|---|
| Blocklist (site/app blocking) | Yes | Yes, if logged in | No | Blocked pages show a message that access is restricted by the organization. |
| Access tracking | Yes | Yes, if logged in | No | Browsing feels normal; activity is silently recorded and visible to admins. |
| Sign-up detection | Yes | Yes, if logged in | No | Sign-ups proceed normally; events are reported to admins for visibility. |
| PII monitoring | Yes | No (inactive) | Yes | With Swif's browser extension, sensitive data interactions are silently monitored. Users will not see prompts; all activity is reported to admins in Insights dashboards. |
| Upload restrictions | Yes | No (inactive) | Yes | With Swif's browser extension, certain uploads are blocked, and users see a full-screen notice explaining that file upload is blocked by the organization and to contact IT if needed. |
| Sensitive app tracking | Yes | No (inactive) | Yes | No prompts; admins gain deeper visibility into sensitive app usage. |
| Shared Accounts / Password Vault | Yes (for assigned employees and policies) | Limited / policy-dependent | Often | Users may see shared login options injected or offered by the extension; admins control who can use which shared credentials. |

Without MDM, advanced capabilities (PII monitoring, upload restrictions, sensitive app tracking, device-scoped policies, and many shared-account controls) are present in the extension but silently inactive.
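
The following added example (not Swif code or a Swif API) models the feature table above as a coverage audit, so an admin can see which devices in an inventory have protections that are silently inactive. The device field names (id, mdmEnrolled, extensionLoggedIn) and the sample inventory are assumptions made for illustration, and each feature is assumed to be configured by policy.

```javascript
// Added example, not Swif code. Field names (id, mdmEnrolled, extensionLoggedIn)
// are hypothetical; the matrix mirrors the article's "Needs MDM?" column.
// Shared accounts are omitted: the article describes them as policy-dependent.
const NEEDS_MDM = {
  "blocklist": false,
  "access tracking": false,
  "sign-up detection": false,
  "PII monitoring": true,
  "upload restrictions": true,
  "sensitive app tracking": true,
  "device-scoped policies": true,
};

// Is a feature enforced on this device under the dual-auth model?
function isActive(device, feature) {
  if (!(feature in NEEDS_MDM)) throw new Error(`unknown feature: ${feature}`);
  if (device.mdmEnrolled) return true;       // device path: no login needed
  if (NEEDS_MDM[feature]) return false;      // silently inactive without MDM
  return device.extensionLoggedIn === true;  // basic protections need a login
}

// List the features that are silently inactive on each device.
function coverageGaps(fleet) {
  const all = Object.keys(NEEDS_MDM);
  return fleet
    .map((d) => {
      const inactive = all.filter((f) => !isActive(d, f));
      // unprotected: not even the blocklist applies (non-MDM and not logged in)
      return { id: d.id, inactive, unprotected: inactive.length === all.length };
    })
    .filter((r) => r.inactive.length > 0);
}

// Constructed sample inventory.
const SAMPLE_FLEET = [
  { id: "laptop-01", mdmEnrolled: true, extensionLoggedIn: false },
  { id: "byod-02", mdmEnrolled: false, extensionLoggedIn: true },
  { id: "byod-03", mdmEnrolled: false, extensionLoggedIn: false },
];

for (const gap of coverageGaps(SAMPLE_FLEET)) {
  const note = gap.unprotected ? " (no protections active)" : "";
  console.log(`${gap.id}: ${gap.inactive.join(", ")}${note}`);
}
```

Because the user sees no prompt or error when a feature is inactive, a report like this is how the gap becomes visible: the logged-in non-MDM device still lacks the four MDM-only features, and the logged-out one has none at all.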


PII Monitoring

How it works

  • When enabled on an MDM-enrolled device, the extension monitors configured sensitive data interactions in the browser.

  • Detected PII events are silently sent to the backend and surfaced to admins via Insights and other admin-facing dashboards.

What users will notice

  • There are no inline hints or pop-up warnings for PII.

  • With the new browser extension (WebExt), sensitive data interactions are silently monitored. Users will not see prompts; all activity is reported to admins.


Upload Restrictions

How it works

  • When upload restriction policies are configured, the extension evaluates file uploads to certain domains or apps.

  • On MDM-enrolled devices, if an upload violates policy, the extension hard-blocks the upload.

What users will notice

  • The block notice is not a confirmation or approval dialog.

  • With the new browser extension (WebExt), certain uploads are blocked and users see a notice explaining the restriction:

    • A full-screen overlay appears stating:
      “File upload blocked by your organization. Contact your IT team if you need to upload files to this domain.”


Shared Accounts / Password Vault

Swif’s extension supports shared accounts via a central password vault.

For employees

  • On supported apps, the extension can provide shared credentials so teammates can access common accounts (e.g., shared inboxes, team tools) without handling the actual password.

  • Access to each shared account is controlled by policy (role, group, device).

For admins

  • Store and manage shared credentials in a central password vault.

  • Control which teams and devices can use each shared account.

  • Audit usage (which device/employee used which shared credentials and when).

Behavior and availability of shared accounts can depend on MDM enrollment status and your organization’s configuration.


How to Get the Most From Swif

  • For employees on MDM-enrolled devices

    • Just use your browser as normal. Core protections (blocklist, access tracking, sign-up detection, PII monitoring, upload restrictions, and device-scoped policies) work in the background without requiring an extension login.

    • You may see:

      • Block pages for restricted sites.

      • Full-screen overlays when uploads are blocked.

      • Shared account password vault prompts wherever they are available.

  • For employees on non-MDM devices

    • Log in to the extension to enable blocklists, access tracking, and sign-up detection.

    • Advanced device-scoped features remain inactive without MDM.

  • For admins and supporters

    • Log in to the extension when you need diagnostic context or admin-facing features.

    • Review PII events, access tracking, sign-up detections, and upload blocks in your admin/Insights dashboards.


Troubleshooting

  • “I didn’t see any warning, but my admin says there was a PII event.”
    This is expected. PII monitoring is silent and only visible to admins.

  • “My upload was blocked with a full-screen overlay.”
    A policy-based upload restriction is in effect. The overlay explains the block and directs you to contact IT.

  • “I’m on a non-MDM device, and nothing seems to happen.”
    Make sure you’re logged into the extension; without MDM, login is required for basic protections.

  • “I can’t access a shared account I used before.”
    Your access may have changed, or your device may not meet policy. Contact your IT or security team.

