- Networking/Firewall Rules
- Outbound Hostnames from the Browser
- Inbound On-Premise Control Room Firewall Rules
- Chrome Browser Extension Distribution
- Browser Support
- Browser Extension Installation
- Browser Extension Managed Storage Configuration
- Browser Extension Runtime Allowed Hosts Configuration
- Login with Automation Anywhere Control Room
- Login with Google
- Login with Microsoft
- Security Resources
- Additional Resources
This guide is intended for Enterprise IT Administrators provisioning AARI Extensions within their organization.
Outbound Hostnames from the Browser
Outbound hosts to allowlist from client devices:
- Automation Anywhere Control Room host
- app.pixiebrix.com: PixieBrix package registry
- api.rollbar.com: error telemetry (optional, facilitates customer support)
- fonts.gstatic.com: fonts (optional)
Inbound On-Premise Control Room Firewall Rules
Firewall, port, and protocol requirements for Automation Anywhere deployment: Automation 360 Ports, protocols, and firewall requirements
The PixieBrix Web Service makes API calls to the Control Room API for syncing permissions and AARI Extensions. If you’re running your Control Room behind a firewall (e.g. inside a VPC) then inbound traffic from the PixieBrix Web Service may be blocked and the integration will not function properly.
To fix this, you’ll need to allowlist incoming PixieBrix traffic in your firewall configuration. We provide a load-balanced pair of IP addresses so if one IP fails, traffic will automatically route through the second IP with health checks and automated failover. The PixieBrix static outbound IP addresses and ports are:
Once your Control Room is successfully configured, contact PixieBrix support (firstname.lastname@example.org) to enable the static IP feature on your Control Room.
Chrome Browser Extension Distribution
Officially, AARI Extensions support the latest two versions of the Chrome Web Browser.
Browser Extension Installation
Force install browser extension via Group Policy:
- Display Name: PixieBrix
- Chrome Web Store ID:
Browser Extension Managed Storage Configuration
Enterprise Browser Extensions are configured using Chrome’s managed storage feature. For end-users, set the following extension properties:
The UUID of the PixieBrix tenant
URL (including scheme) of the Control Room to connect to
On Windows, use the registry to set the properties for the extension:
Browser Extension Runtime Allowed Hosts Configuration
By default, the Browser Extension does not have access to pages or to make network requests. During Authentication (see below), the Browser will prompt the user to grant permission for the Browser Extension to connect to the Control Room.
Additionally, when activating AARI Extensions that run on pages (e.g., Workday), the end-user will be prompted to grant the Browser Extension access to modify those pages.
To pre-allow access to the Control Room and any other pages. Add the URLs to the Runtime Allowed Hosts form the Browser Extension
Hosts to Include
- Control Room URL
- Any websites to pre-allow access for AARI Extensions
Login with Automation Anywhere Control Room
See Use AuthConfig App to enable OAuth2 services in the Automation Anywhere documentation portal for how to set up Login with Automation Anywhere
Login with Google
To enable Login with Google, ensure the following Google Client is in the allowlist:
- Display name: PixieBrix
- Client Id:
Login with Microsoft
To enable Login with Microsoft, ensure the following Azure Application is in the allowlist:
- Display name: PixieBrix
- Application (client) ID:
Our Security and Compliance Overview and Privacy and Security Policies are available publicly.
Additional security information on the Chrome Browser Extension is available in the