Skip to main content

Troubleshooting the Nudge Security browser extension

If the Nudge Security browser extension isn't appearing as registered in your console, this guide will help you find out why.

Written by Velizar Demirev

Work through the steps in order, most issues come down to one of three things: the extension wasn't deployed correctly, the deployment policy hasn't reached the endpoint, or the extension can't identify the user.

Step 1: Confirm the extension is installed

If you deployed the extension through MDM (the most common method), first verify that both the extension and its policy reached the endpoint.

Open the extensions page in the browser (chrome://extensions/ in Chrome, edge://extensions/ in Edge) and check that the Nudge Security extension is present and enabled. The production extension ID is diaecjfdpohehjhliaephjnpnlmeajfa.

Step 2: Confirm the deployment policy reached the endpoint

Policy replication can take a while, so don't be surprised if a freshly enrolled device isn't there yet.

Go to the browser's policy page (chrome://policy/ in Chrome, edge://policy/ in Edge) and scroll to the Nudge Security Browser Extension entry. You should see a policy named nudge-security-deployment-key with your deployment key as its value.

If the value is missing, the problem is in your MDM deployment; fix that before continuing. The extension can't register without a deployment key.

Step 3: Check registration status

Once the extension and policy are in place, the extension exchanges the deployment key for a user key tied to a registered user. It then connects to your Nudge Security tenant, and the browser appears as registered under that user in the Nudge Security console.

Keep in mind it can take up to 30 minutes for a newly registered browser to appear in the console.

If you don't see it, check the extension's own status. Right-click the extension icon, then Options. The status tells you exactly where registration stands:

Status

What it means

CONFIGURED

Fully registered - API key issued and user identified.

WAITING_FOR_REGISTERED_USER

Deployment key is in place, but the extension is still discovering the user's identity. See How user registration works.

NO_DEPLOYMENT_KEY

Extension is installed, but no deployment key is configured. Revisit step 2.

Step 4: Verify the service worker is running

If registration still isn't completing, check the extension's service worker.

In Chrome: Go to chrome://serviceworker-internals/, search for the extension ID (diaecjfdpohehjhliaephjnpnlmeajfa), and confirm the worker is running. Click Inspect to open DevTools for the service worker and review the Console tab.

In Edge: Open the extensions page and click Service Worker under the Nudge Security extension to open its console.

If the worker isn't running, restart the extension by disabling and re-enabling it. If MDM deployment prevents that, run this in the service worker console instead:

chrome.runtime.reload()

Document any errors that appear in the console - they'll matter if you need to contact our support team.

Step 5: Check network connectivity

In the service worker DevTools, open the Network tab and confirm requests are going out without errors.

Network errors usually mean a firewall or proxy is blocking the extension. Make sure these domains are allowed:

  • extension.nudgesecurity.io

  • http-intake.logs.datadoghq.com

You can verify connectivity directly from the service worker console:

const response = await fetch('https://extension.nudgesecurity.io/health') console.log(await response.json())

Watch for proxy response filtering. Some proxies modify or redirect responses rather than blocking them outright. In the Network tab, look for responses where the final URL differs from the request URL, or non-JSON error responses. These indicate proxy interference - the Nudge domains need to be passed through unmodified, not just allowed.

Step 6: Send a debug report

If the service worker is running but registration still fails, send a debug report from the extension options page. The report includes everything our support team needs to diagnose the issue.

How user registration works

The extension needs two things to register: a deployment key (identifying your organization) and a registered user (identifying the individual). The extension identifies the user automatically so they never have to interact with it. It tries these methods in priority order:

  1. Managed profile policy. Your MDM supplies the user's email through the registered-user policy key, set per machine.

  2. Browser profile. The extension checks whether a user is signed into the browser profile (Google or Microsoft account).

  3. Google/Microsoft login. When the extension observes a login to Google or Microsoft, it uses that session's username.

  4. Login threshold. After three successful logins across three websites with the same corporate email, that user is used for registration.

  5. Webmail. When the user opens Gmail or Microsoft web-based email, the extension uses the authenticated email address.

Once a user is identified, the backend verifies them. If the user exists in your organization and the deployment key is valid, the browser profile receives an API key.

If the status is stuck at WAITING_FOR_REGISTERED_USER and browser profile detection isn't working, verify the browser has a signed-in account, or have the user log into Google or Microsoft to trigger discovery. You can check what the browser reports by running this JavaScript in the service worker console:

chrome.identity.getProfileUserInfo(info => {   console.log(info);   // { email: "", id: "" } OR populated });

Common registration failures

The options page shows a registration summary with the GUID, deployment key prefix, and any registrationFailure reason. Possible values:

Failure

Cause

EXPIRED_DEPLOYMENT_KEY

The deployment key has expired.

BAD_DEPLOYMENT_KEY

The key format is invalid.

UNAPPROVED_USER

The user's email isn't approved. This user is blocked from future attempts.

UNAPPROVED_USER_SOURCE

The discovery method that found the user isn't approved.

Personal email addresses (gmail.com, yahoo.com, hotmail.com, and similar) are automatically rejected and won't register.

Blocked users. When a user is rejected with UNAPPROVED_USER, their email lands on a blocked list, shown as blockedUsers and blockedUserSources in the registration summary. These lists are cleared on extension reload—so once you've approved the user, restart the extension to let them retry.

Changed deployment keys. If the deployment key changes in managed storage, the extension resets and re-registers. Confirm the managed key matches the intended value. If registration is stuck or stale after a key change, use Reset Installation on the options page to clear extension storage and force a clean registration.

Still stuck?

Send a debug report from the extension options page, then contact Nudge Security support and let us know you've sent it. Include the registration status you're seeing and any console errors you noted along the way.

Related Articles
Deploy Nudge Browser Extension through Intune
Deploy the Nudge Security Browser Extension to MacOS through Jamf
Deploy Nudge Browser Extension through Iru (formerly Kandji)
How to Update the Nudge Security Browser Extension
Deploy the Nudge Security Browser Extension to Safari
Did this answer your question?