Extension Auto Login

Updated Mar 18, 2026

DataMagik Automate

DataMagik Automate — Enterprise Policy Configuration & Diagnostics

This guide explains configuration and troubleshooting for the DataMagik Automate browser extension using enterprise management tools including Microsoft Intune, Windows Group Policy (GPO), and other MDM solutions.

Key Concept: Two Separate Policies

Chrome and Edge extensions require two separate policies for force-install + auto-login:

ExtensionSettings — forces the extension to install (only installation_mode and update_url)
3rdparty managed storage — provides the bearer token and environment settings to chrome.storage.managed

⚠ Common Mistake: Placing bearerToken inside an ExtensionSettings.policy key will not work and causes the error:
Schema validation error: Unknown property: policy

The bearer token must go in the separate 3rdparty managed storage path, not nested inside ExtensionSettings.

Priority Order

The extension uses this authentication priority:

User-set token — Takes priority if user has logged in manually or set their own token
Managed policy token — Used as fallback when no user token exists

This allows users to override enterprise settings while providing default configuration.

Configuration Options Reference

Supported managed settings:

Key	Type	Description
`bearerToken`	String	Valid DataMagik API bearer token (starts with `dcp_`) for auto-login
`environment`	String	Server environment: `production` (https://data-magik.com) or `staging` (https://staging.data-magik.com). Defaults to `production`
`lockEnvironment`	Boolean / DWORD	When `true` (or `1`), prevents users from changing environment in Settings. Defaults to `false`

Option A: PowerShell Deployment (Recommended)

The easiest and most reliable method. Writes registry keys directly — no ADMX template import required. Works for both Chrome and Edge.

Step 1: Download the Script

Download Deploy-DataMagikExtension.ps1 from your DataMagik administrator or the extension documentation.

Step 2: Configure

Edit the configuration section at the top of the script:

$BearerToken     = "dcp_YOUR_ACTUAL_TOKEN"    # From DataMagik > Settings > API Keys
$Environment     = "production"                # "production" or "staging"
$LockEnvironment = $false                      # $true to lock environment switching
$Browsers        = "Both"                      # "Both", "Chrome", or "Edge"

Step 3: Deploy via Intune

In Intune: Devices > Scripts and remediations > Platform scripts > Add > Windows 10 and later
Upload the script
Settings:
- Run this script using the logged-on credentials: No (runs as SYSTEM)
- Run script in 64-bit PowerShell: Yes
- Enforce script signature check: No
Assign to a device group

The script also supports Remediation mode (detect + auto-fix) for self-healing. See the included Detect-DataMagikPolicy.ps1 and Remediate-DataMagikPolicy.ps1 scripts.

Option B: Microsoft Intune (OMA-URI)

Manual OMA-URI configuration. Requires Chrome ADMX templates to be imported into Intune for Chrome policies. Edge ADMX is built-in.

Prerequisite (Chrome only): Import Chrome ADMX templates into Intune first. Download from Chrome Enterprise policy templates and import via Devices > Configuration profiles > Import ADMX. Edge templates are built into Intune by default.

Policy 1: Force Install the Extension

OMA-URI (Chrome):

./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionSettings

OMA-URI (Edge):

./Device/Vendor/MSFT/Policy/Config/Edge~Policy~microsoft_edge~Extensions/ExtensionSettings

Data type: String

Value:

{
  "hppahoaiaihchdpnoegknnodnjleogdi": {
    "installation_mode": "force_installed",
    "update_url": "https://clients2.google.com/service/update2/crx"
  }
}

⚠ Important: Do NOT add a "policy" key here. The ExtensionSettings value must only contain installation_mode and update_url. The bearer token goes in Policy 2 below.

Policy 2: Managed Storage (Bearer Token + Environment)

This is a separate OMA-URI policy — not nested inside ExtensionSettings.

OMA-URI (Chrome):

./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/3rdparty\extensions\hppahoaiaihchdpnoegknnodnjleogdi\policy

OMA-URI (Edge):

./Device/Vendor/MSFT/Policy/Config/Edge~Policy~microsoft_edge/3rdparty\extensions\hppahoaiaihchdpnoegknnodnjleogdi\policy

Note: Use backslashes (\) in the OMA-URI path for the 3rdparty segment. This is an Intune-specific requirement.

Data type: String

Value:

{
  "bearerToken": "dcp_YOUR_BEARER_TOKEN_HERE",
  "environment": "production",
  "lockEnvironment": false
}

Option C: Windows Group Policy (GPO)

Step 1: Install Chrome ADMX Templates

Download Chrome ADMX templates from Google Chrome Enterprise
Copy chrome.admx to \\domain\sysvol\domain\Policies\PolicyDefinitions\

Step 2: Force Install

Open Group Policy Management Console (gpmc.msc)
Navigate to: Computer Configuration > Administrative Templates > Google Chrome > Extensions
Open Configure extension installation allow/blocklist
Add: hppahoaiaihchdpnoegknnodnjleogdi;https://clients2.google.com/service/update2/crx

Step 3: Configure Managed Storage via Registry

The bearer token and settings go in the 3rdparty registry path:

Chrome path:

HKLM\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\hppahoaiaihchdpnoegknnodnjleogdi\policy

Edge path:

HKLM\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\hppahoaiaihchdpnoegknnodnjleogdi\policy

Name	Type	Data
`bearerToken`	REG_SZ	`dcp_YOUR_BEARER_TOKEN_HERE`
`environment`	REG_SZ	`production`
`lockEnvironment`	REG_DWORD	`0`

Or use this registry file (datamagik-policy.reg):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\hppahoaiaihchdpnoegknnodnjleogdi\policy]
"bearerToken"="dcp_YOUR_BEARER_TOKEN_HERE"
"environment"="production"
"lockEnvironment"=dword:00000000

Google Admin Console

Navigate to Devices > Chrome > Apps & extensions
Find or add the DataMagik Automate extension by ID: hppahoaiaihchdpnoegknnodnjleogdi
Set Installation policy to "Force install"
In the Policy for extensions field, enter:

{
  "bearerToken": {
    "Value": "dcp_YOUR_BEARER_TOKEN_HERE"
  },
  "environment": {
    "Value": "production"
  },
  "lockEnvironment": {
    "Value": false
  }
}

Note: Google Admin Console uses a { "Key": { "Value": ... } } format for managed schema properties.

Generating Bearer Tokens

Log in to DataMagik
Navigate to Settings > API Keys (or your admin may generate them)
Create a new API key — the token will start with dcp_
Copy the full token for use in the managed policy

Security note: Bearer tokens provide full API access for the associated user. Store and transmit them securely. Consider using per-user tokens rather than shared tokens when possible.

Verification & Diagnostics

1. Extension Settings Page

The extension Settings page includes an Enterprise Policy Diagnostics card that shows:

Overall policy status (Configured / Partially Configured / Not Configured)
Whether chrome.storage.managed is accessible
Bearer token presence and validation status (first 10 characters shown)
Environment and lock settings
Specific issues and what needs to be fixed

Open the extension popup, go to Settings, and check the diagnostics card at the top.

2. PowerShell Diagnostic Script

Run Check-DataMagikPolicy.ps1 on the target machine to verify registry configuration:

.\Check-DataMagikPolicy.ps1                    # Check both Chrome and Edge
.\Check-DataMagikPolicy.ps1 -Browser Chrome    # Chrome only
.\Check-DataMagikPolicy.ps1 -Browser Edge      # Edge only

The script checks all registry paths, validates the bearer token against the API, and reports issues with recommendations.

3. Chrome Policy Page

Open Chrome and navigate to chrome://policy (or edge://policy for Edge)
Click Reload policies
Verify:
- The extension appears under ExtensionSettings with status OK (not "Warning")
- The 3rdparty policy shows bearerToken, environment, and lockEnvironment

4. Check Managed Storage Directly

If auto-login fails, verify storage using the service worker console:

Navigate to chrome://extensions and enable Developer mode
Find DataMagik Automate and click service worker
Run:

chrome.storage.managed.get(null, (result) => {
  if (chrome.runtime.lastError) {
    console.error('No managed storage:', chrome.runtime.lastError.message)
  } else {
    console.log('Managed storage contents:', JSON.stringify(result, null, 2))
  }
})

You should see: {bearerToken: "dcp_...", environment: "production", lockEnvironment: false}

If you see "Storage manifest not found", it means Chrome has no managed policy deployed for this extension.

Troubleshooting

Issue	Cause	Fix
`Schema validation error: Unknown property: policy`	Bearer token placed inside ExtensionSettings instead of 3rdparty managed storage	Remove `policy` key from ExtensionSettings. Create separate 3rdparty managed storage policy for the bearer token. See Policy 2 above.
Policy not applied	ADMX templates not imported, or GPO not synced	Use the PowerShell deployment script (no ADMX needed), or import Chrome ADMX templates. Run `gpupdate /force` and restart the browser.
Token authentication failing	Token expired, invalid, or wrong environment	Generate a new token from DataMagik > Settings > API Keys. Verify the `environment` setting matches the token's server.
Extension not auto-installing	Missing or incorrect ExtensionSettings	Verify `update_url` is `https://clients2.google.com/service/update2/crx` and `installation_mode` is `force_installed`.
"Storage manifest not found"	No 3rdparty managed storage policy deployed	Deploy the 3rdparty managed storage policy (Policy 2) or use the PowerShell deployment script.

Security Considerations

Token Security: Bearer tokens are stored in Chrome's managed storage, protected by the OS. Consider using tokens with minimal required permissions.
Token Rotation: Plan for periodic token rotation by updating the policy configuration.
User Override: Users can override the managed token by logging in with their own credentials. Set lockEnvironment to prevent environment changes, but user authentication always takes priority.
Audit Logging: DataMagik logs authentication events for monitoring managed token usage.