DocumentationRelease Notes
Log In
Documentation

Workforce Passwords deployable extension

Suggest Edits

Workforce Passwords offers a secure way to store and access business credentials through a browser extension. Administrators can deploy the Workforce Passwords extension across Chrome, Edge, and Firefox browsers on Windows systems efficiently by using Windows Group Policy Objects (GPOs) to centrally deploy the extension to all domain-joined Windows machines. This eliminates the need for users to manually install it. Administrators can also pre-configure the Workforce Passwords server URL to provide a seamless setup for end users.

Group Policy Management Console (GPMC)

Group Policy Management Console in Windows Explorer is tool used to administer GPOs and associated permissions across a network. Administrators have access to this tool.

There are several ways to start Group Policy Management:

  • Start menu: Enter Group Policy Management in the Start menu search bar and select the appropriate item.
  • Run Dialog: Press Windows + R, enter gpmc.msc, and hit Enter.
  • Server Manager: On a domain controller, launch Server Manager, go to Tools, and choose Group Policy Management.

Once the GPMC is open, you can manage GPOs across your domain or organization. This includes creating, linking, and modifying GPOs to define settings for users and computers.

Edit the GPO Settings

  1. Start the GPMC using one of the methods listed above.
  2. In GPMC, navigate to the policy you want to edit, and then select Computer Configuration > Policies > Administrative Templates > BeyondTrust > Workforce Passwords.

Within the Workforce Passwords folder, there are three folders:

  • Google Chrome folder
  • Microsoft Edge folder
  • Mozilla Firefox folder

Select the appropriate folder.

There are three settings within each folder that admins can configure:

  • Authenticate with Pathfinder (beyondtrust.io)
    • If State is set to Not configured or Disabled, and the user starts Workforce Passwords, the user has the option to choose between different login portals.
    • If State is set to Enabled, and the user starts Workforce Passwords, the option to choose between different login portals is no longer available. The user is instead taken to the Platform Cloud Solutions login screen.
  • Specify default locale
    • If State is set to Not configured or Disabled, the local defaults to what is specified in the user's web browser.
    • If State is set to Enabled, one of the locals listed in the Default Locale dropdown can be selected.
      • When a local is selected and the user launches Workforce Passwords, the start dialog will appear in that local language.

        ℹ️

        Note

        Users can change the local setting to a value different from the one set by the administrator. This is the only enterprise deployment setting that users are allowed to freely customize.

  • Authenticate with a Password Safe URL (cloud or self-hosted)
    • If State is set to Enabled , administrators can supply a Password Safe URL to authenticate with Pathfinder.
      • When the user starts Workforce Passwords, they are brought to the URL entered in the GPO screen.
      • The user is not able to modify the Password Safe URL from the pre-configured value, or switch to Pathfinder to login.
      • The URL should follow the format https://ps-instance.local/webconsole

To apply the updates, run the GPUPDATE command on the client machine. Once completed, the new settings take effect.

Updated 19 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.