Without the extension, Nudge Security discovers apps and accounts through email-based signals (signup confirmations, password resets), OAuth grants, SSO authentication, and connected app integrations. The extension adds another layer:

Activity monitoring. See who's logging into which apps, who's signing up for new accounts, and whether MFA is enabled or disabled - in real time rather than waiting for email signals.

Browser nudges. Nudge users at the moment they're about to take an action, not just after. For example, when someone visits the login or registration page of a not-permitted app, the extension can display a browser prompt explaining that the app isn't permitted and showing the approved alternative. This is different from email nudges, which arrive after the signup has already happened.

Password reuse and weak password detection. Identify when users are reusing passwords across SaaS apps or using a weak password.

File upload and API key detection. See when users upload files to SaaS apps or copy and paste API keys.

AI conversation monitoring. Track which AI tools people are actively using, detect when sensitive data (like credit card numbers or secrets) is submitted in AI prompts, and optionally retain the full prompt for review.

Go to Settings > Browser Extension in the left nav, then click Enroll New Users and Manage Deployment.

If you manage Chrome centrally through Google Workspace, you can deploy the extension through a managed Chrome profile. This is the most seamless option for Google Workspace shops. Users don't need to do anything manually.

If you use a device management tool like Jamf, Intune, Sophos, or similar:

Click Device Management in the deployment drawer and then Confirm Browsers to see the specific files and scripts for your platform.

Users can install the extension themselves from the Chrome Web Store. This works for small teams or as a starting point for testing while you set up centralized deployment. On the Enroll New Users page, you'll find a link you can share.

Once the extension is deployed, go to Settings > Browser Extension to configure what it does. Features are controlled by toggles:

Visit not-permitted apps (browser nudge). When enabled, users who visit the login or registration page of a not-permitted app see a browser prompt. If you've approved an alternative in the same category (e.g., Gemini is approved and OpenAI is not permitted), Nudge Security automatically shows the approved alternative in the browser prompt.

AI conversation monitoring. At a minimum, this shows you which AI tools people are spending time in. You can also enable sensitive data detection to flag when someone submits sensitive information in an AI prompt, and optionally retain the full prompt text for review.

Password reuse detection, file upload tracking, and API key detection. Each of these can be toggled independently based on your security priorities.

Deploy to your IT and security team first using the individual deployment. This lets you see the experience firsthand - what browser nudges look like, what data comes in - before rolling it out to everyone.

Enable features incrementally. Start with activity monitoring and browser nudges for not-permitted apps. Add AI conversation monitoring and sensitive data detection once you're comfortable with the baseline.

Pair with workforce communication. If you haven't told your organization about Nudge Security yet, the browser extension - especially browser nudges - will be the most visible part of the product. Deploy it after you've sent your workforce communication, or at least at the same time.

With the extension deployed, you'll start seeing richer activity data in your user profiles and the AI dashboard. Head to Connect your apps and configure settings to round out your initial setup.