Apple Google Chrome Extension Deployment and Blocking Policy

Overview

This policy is used to manage Google Chrome Extensions configuration on macOS devices through Swif. It allows administrators to deploy, block, force-install, and control extension types across managed devices.

Supported Platforms: macOS
BYOD Compatibility: macOS
Ownership: Company-owned, BYOD
Requirements: None


Important: Chrome Restart Required

After deploying a Chrome extension policy to macOS devices through Swif, the Chrome browser on those devices must be restarted to apply the policy fully. This includes installing or blocking the extension based on your configuration.


Policy Settings

1. Swif Extension

Field Name: swifChromeExtension
Type: Boolean
Default: false
Platform: macOS

Enable the Swif Chrome Extension on managed devices.


2. Block External Extensions

Field Name: blockExternalExtensions
Type: Boolean
Default: false
Platform: macOS

Controls whether external extensions can be installed.

  • true — Block installation of external extensions

  • false — Allow installation of external extensions

External extensions and their installation are documented at https://developer.chrome.com/apps/external_extensions.


3. Types of Extensions/Apps Allowed to Be Installed

Field Name: extensionAllowedTypes
Type: Array of Strings
Default: None (no restrictions)
Platform: macOS

Controls which types of apps and extensions may be installed in Google Chrome. Extensions and apps with a type not on the list won't be installed.

Possible values:

  • extension: Standard Chrome extension

  • theme: Chrome browser theme

  • user_script: User script

  • hosted_app: Hosted web app

  • legacy_packaged_app: Legacy packaged app

  • platform_app: Platform app

Note: This policy also affects extensions and apps force-installed using the Force Install list. Versions earlier than Chrome 75 that use multiple comma-separated extension IDs aren't supported.


4. Extension ID Allowlist

Field Name: extensionInstallAllowlist
Type: Array of Strings
Default: None
Platform: macOS

Specifies which extensions are not subject to the blocklist.

  • If the blocklist contains * (all extensions blocked), users can only install extensions listed in the allowlist.

  • By default, all extensions are allowed unless a blocklist is configured.


5. Extension ID Blocklist

Field Name: extensionInstallBlocklist
Type: Array of Strings
Default: None
Platform: macOS

Specifies which extensions users cannot install.

  • Extensions already installed will be disabled if blocked, without a way for the user to enable them.

  • Once an extension is removed from the blocklist, it will automatically get re-enabled.

  • A blocklist value of * means all extensions are blocked unless explicitly listed in the allowlist.

  • If this policy is left unset, users can install any extension.


6. Extension/App IDs to Force Install

Field Name: extensionInstallForcelist
Type: Array of Strings
Default: None
Platform: macOS

Specifies a list of apps and extensions that install silently, without user interaction, and which users can't uninstall or turn off.

Key behaviors:

  • Permissions are granted implicitly, including for enterprise.deviceAttributes and enterprise.platformKeys extension APIs.

  • This policy supersedes the Extension ID Blocklist — force-installed extensions cannot be blocked.

  • If an extension is removed from this list, Chrome automatically uninstalls it.

  • If left unset, no extensions are auto-installed and users can uninstall any extension.


7. Extension Install Sources (URL Patterns)

Field Name: extensionInstallSources
Type: Array of URLs
Default: None
Platform: macOS

Specifies which URLs may install extensions, apps, and themes using the simplified installation flow.

  • Each item is an extension-style match pattern (see Chrome match patterns).

  • Both the .crx file location and the referrer page must match the allowed patterns.

  • The Blocklist takes precedence — an extension on the blocklist won't be installed even from an allowed source.


Policy Precedence

Understanding how these settings interact is critical:

Force Install List > Blocklist > Install Sources > Allowlist > Allowed Types

  1. Force Install always wins — extensions here are installed regardless of other settings.

  2. Blocklist overrides Install Sources and Allowlist — a blocked extension cannot be installed from any source.

  3. Allowlist only matters when a blocklist is active — it exempts specific extensions from the block.

  4. Allowed Types filters all extensions not force-installed by their type.
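
A small checker for the interaction rules above, covering only the Force Install list, Blocklist and Allowlist (Install Sources and Allowed Types are not modelled in decide). This is an added example, not Swif or Chrome code; the function names, the sample policy and the choice to treat an ID listed explicitly on both the blocklist and the allowlist as blocked are assumptions.

```python
# Added example, not Swif or Chrome code. decide() models only the three ID lists.
ALLOWED_TYPES = {"extension", "theme", "user_script", "hosted_app",
                 "legacy_packaged_app", "platform_app"}

def _ids(policy, field):
    return set(policy.get(field, []))

def decide(policy, ext_id):
    """Outcome for one extension ID: 'force-installed', 'blocked' or 'allowed'."""
    force = _ids(policy, "extensionInstallForcelist")
    block = _ids(policy, "extensionInstallBlocklist")
    allow = _ids(policy, "extensionInstallAllowlist")
    if ext_id in force:                 # Force Install always wins
        return "force-installed"
    if ext_id in block:                 # assumption: explicit block beats allowlist
        return "blocked"
    if "*" in block and ext_id not in allow:
        return "blocked"                # wildcard block, no allowlist exemption
    return "allowed"

def lint(policy):
    """Return findings for settings that conflict or have no effect."""
    force = _ids(policy, "extensionInstallForcelist")
    block = _ids(policy, "extensionInstallBlocklist")
    allow = _ids(policy, "extensionInstallAllowlist")
    findings = []
    for t in sorted(set(policy.get("extensionAllowedTypes", [])) - ALLOWED_TYPES):
        findings.append(f"unknown extensionAllowedTypes value: {t}")
    if allow and not block:
        findings.append("allowlist set without a blocklist: it has no effect")
    for i in sorted(force & block):
        findings.append(f"{i}: on forcelist and blocklist; force-install wins")
    for i in sorted((allow & block) - {"*"}):
        findings.append(f"{i}: on allowlist and blocklist; ambiguous")
    return findings

# Constructed sample policy; the IDs are placeholders, not real extensions.
SAMPLE = {
    "extensionInstallForcelist": ["company_extension_id"],
    "extensionInstallBlocklist": ["*", "company_extension_id"],
    "extensionInstallAllowlist": ["extension_id_1"],
    "extensionAllowedTypes": ["extension", "themes"],  # "themes" is a deliberate typo
}

if __name__ == "__main__":
    for ext in ("company_extension_id", "extension_id_1", "extension_id_9"):
        print(ext, "->", decide(SAMPLE, ext))
    print("\n".join(lint(SAMPLE)))
```

Running lint over a policy before deploying it catches entries that would silently do nothing, such as a misspelled type or an allowlist with no blocklist behind it.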


Common Deployment Scenarios

Block all extensions except approved ones

extensionInstallBlocklist: ["*"]
extensionInstallAllowlist: ["extension_id_1", "extension_id_2"]

Force-deploy a company extension and block everything else

extensionInstallForcelist: ["company_extension_id"]
extensionInstallBlocklist: ["*"]
extensionInstallAllowlist: ["company_extension_id"]

Allow only standard extensions and themes

extensionAllowedTypes: ["extension", "theme"]

Deploy Swif extension with external extension blocking

swifChromeExtension: true
blockExternalExtensions: true


Troubleshooting

Issue: Extension not installing after policy deploy
Resolution: Restart Chrome on the device

Issue: Force-installed extension shows as disabled
Resolution: Check it's not also on the blocklist (force-install should override, but restart Chrome)

Issue: User can still install blocked extensions
Resolution: Verify policy has synced; restart Chrome

Issue: Extension re-appears after removal
Resolution: Check if it's on the force-install list

