Comment on page

AARI Extensions Enterprise IT Setup Guide


This guide is intended for Enterprise IT Administrators provisioning AARI Extensions within their organization.

Networking/Firewall Rules

Outbound Hostnames from the Browser

Outbound hosts to allowlist from client devices:
For more information, see Network/Email Firewall Configuration.

Inbound On-Premise Control Room Firewall Rules

📧 Before configuring your Control Room in the Admin Console, contact PixieBrix support ([email protected]) to enable the static IP feature on your Control Room.
Firewall, port, and protocol requirements for Automation Anywhere deployment: Automation 360 Ports, protocols, and firewall requirements
The PixieBrix Web Service makes API calls to the Control Room API for syncing permissions and AARI Extensions. If you’re running your Control Room behind a firewall (e.g. inside a VPC) the, the firewall may block inbound traffic from the PixieBrix Web Service, causing the integration not to function
Error in Admin Console if the PixieBrix service cannot reach the Control Room
To fix this, you’ll need to allowlist incoming PixieBrix traffic in your firewall configuration. The PixieBrix platform provides a load-balanced pair of IP addresses so if one IP fails, traffic will automatically route through the second IP with health checks and automated failover. The PixieBrix static outbound IP addresses and ports are:

Chrome Browser Extension Distribution

For detailed information on provisioning the Chrome Browser Extension to your organization, see: Broken link

Browser Support

Officially, AARI Extensions support the latest two versions of the Chrome Web Browser.
AARI Extension is also known to work on Microsoft Edge for most use cases. To confirm support for your use case, email [email protected]

Browser Extension Installation

Force install browser extension via Google Workspace, Group Policy, or your Enterprise Device Management policy:
  • Display Name: PixieBrix
  • Chrome Web Store ID: mpjjildhmpddojocokjkgmlkkkfjnepo

Browser Extension Managed Storage Configuration

Enterprise Browser Extensions are configured using Chrome’s managed storage feature. For end-users, set the following extension properties:
REG_SZ (string)
The UUID of the PixieBrix tenant
Enforces association with a particular PixieBrix tenant
REG_SZ (string)
Applies Automation Anywhere branding and enforces Control Room authentication
REG_SZ (string)
URL (including scheme) of the Control Room to connect to
Pre-fills the controlRoomUrl for connecting the Automation Anywhere
Locating the UUID of the PixieBrix tenant
The UUID of the PixieBrix tenant is in the URL path when the team is selected:
The team UUID in the URL
On Windows, use the registry to set the properties for the extension:


The initial AARI Extensions setup requires the Admin to login via Google, Microsoft, or email. After the initial setup, AARI users will login with Automation Anywhere using Automation Anywhere OAuth2 services support.

Login with Automation Anywhere Control Room

See Use AuthConfig App to enable OAuth2 services in the Automation Anywhere documentation portal for how to set up Login with Automation Anywhere

Login with Google

To enable Login with Google, ensure the following Google Client is in the allowlist:
  • Display name: PixieBrix
  • Client Id:

Login with Microsoft

To enable Login with Microsoft, ensure the following Azure Application is in the allowlist:
  • Display name: PixieBrix
  • Application (client) ID: add06cfe-a38f-443f-9572-dd92ec7ab06b

Login with Email

To enable login by email (magic link), ensure the following IP is in the allowlist:
  • Domain:
For more information, see Network/Email Firewall Configuration

Security Resources

Additional security information on the Chrome Browser Extension is available in the Broken link article.

Additional Resources