Protegrity Browser Protector: Enterprise Data Protection via Chrome Extension (MV3) with Microsoft Entra ID SSO

By Dinesh Krishnamurthy
Mar 20, 2026

Summary

  • Secure browser-based data protection with enterprise controls:
    Protegrity Browser Protector enables users to protect and unprotect data directly inside web applications while integrating with enterprise SSO, Protegrity Cloud APIs, and ESA policy enforcement.

  • Built on a security-conscious Chrome Extension MV3 architecture:
    The post explains how Browser Protector separates browser interaction from server-side execution, using Microsoft Entra ID for authentication and backend services for policy validation and data security operations.

Chrome Extension Architecture (MV3)

Protegrity Browser Protector is a Chrome extension that enables protect and unprotect operations directly within web applications. The extension communicates with Azure AD for authentication and authorization, and with Protegrity Cloud APIs and Enterprise Security Appliance (ESA) services for data security operations.

Protegrity Browser Protector Demo

The following video shows how the Browser Protector extension is deployed, authenticated through enterprise SSO, and used to perform protect and unprotect operations governed by ESA policy.

Watch it on YouTube: https://youtu.be/yvVuhVWDAh0

Architecture Overview

Browser Protector consists of three primary components:

  • Front End — Chrome Extension
    The extension runs within the browser and provides the user interface and interaction with web page content.
  • Authentication Layer — Microsoft Entra ID
    Authentication is handled through enterprise SSO using OAuth 2.0 and JWT token exchange.
  • Backend Services — Protegrity Cloud APIs and ESA
    Backend services validate authentication, evaluate policy, and execute data security operations.

All protect and unprotect operations are executed server-side. The extension coordinates user interaction and securely delegates operations to backend services.

Browser Protector architecture. The extension authenticates through Microsoft Entra ID and delegates protect and unprotect operations to Protegrity Cloud APIs governed by ESA policy.

Chrome Extension

To understand the security model, it helps to start with how Chrome extensions are structured under Manifest V3 (MV3).

Chrome extensions are composed of the following:

  • Manifest — Defines resources, declares permissions, and identifies which files run in the background and on the page.
  • Content scripts — Run JavaScript in the context of a web page and can send/receive messages to/from the background script.
  • Service worker (background script) — Runs in the background and handles browser events such as activating or closing a tab. It does not have direct access to the DOM.
  • Toolbar action — Executes code when the user clicks on the extension toolbar icon or shows a popup using the Action API.
  • Side panel — Displays custom UI in the browser’s side panel.
  • Popup — Extension UI that appears when the extension icon is clicked.

Each component plays a distinct role in the extension lifecycle. Clear separation of responsibilities reduces the likelihood of unintended data exposure or privilege escalation.

Developing a Chrome extension for browser protection requires careful attention to security since extensions are inherently untrusted—their code is visible, can be modified, and is susceptible to replay attacks.

Because extension code runs on the client and can be inspected, sensitive operations are isolated from the browser runtime and handled by backend services.

The background service worker functions as a message hub and controller. It owns core logic, handles API calls, and manages browser events. Because it is event-driven and independent of the popup lifecycle, it ensures operational continuity even when UI components are destroyed (popups are temporary and destroyed when closed).
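
The hub pattern described above, sketched as an added example (not Protegrity's code): the service worker validates each content-script message, attaches the token itself, and returns only the backend result. The backend URL, the origin allowlist, the `{op, data}` message shape, the length limit and the `getToken` stub are assumptions made for illustration.

```javascript
// Added example: request validation for an MV3 service worker used as message hub.
// API_BASE, ALLOWED_ORIGINS and the message shape {op, data} are assumptions.
const API_BASE = "https://api.example.invalid/v1"; // placeholder backend URL
const ALLOWED_ORIGINS = new Set(["https://crm.example.com"]); // constructed
const ALLOWED_OPS = new Set(["protect", "unprotect"]);
const MAX_LEN = 4096; // assumed upper bound on a single field value

// Content scripts share the page's process, so treat their messages as untrusted.
function validateRequest(message, sender, extensionId) {
  if (!sender || sender.id !== extensionId) return { ok: false, reason: "foreign-sender" };
  if (!sender.tab || !ALLOWED_ORIGINS.has(sender.origin)) return { ok: false, reason: "origin-not-allowed" };
  if (!message || typeof message !== "object") return { ok: false, reason: "bad-message" };
  if (!ALLOWED_OPS.has(message.op)) return { ok: false, reason: "unknown-op" };
  const d = message.data;
  if (typeof d !== "string" || d.length === 0 || d.length > MAX_LEN) return { ok: false, reason: "bad-data" };
  return { ok: true };
}

// The bearer token is attached here and never sent back to the content script.
function buildBackendRequest(message, accessToken) {
  return {
    url: `${API_BASE}/${message.op}`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json", Authorization: `Bearer ${accessToken}` },
      body: JSON.stringify({ data: message.data }),
    },
  };
}

// Hub logic: validate, delegate to the backend, return only the result.
async function handleMessage(message, sender, deps) {
  const verdict = validateRequest(message, sender, deps.extensionId);
  if (!verdict.ok) return { error: verdict.reason };
  const { url, init } = buildBackendRequest(message, await deps.getToken());
  const res = await deps.fetch(url, init);
  if (!res.ok) return { error: `backend-${res.status}` };
  return { result: (await res.json()).data };
}

// Register the listener only when running inside an extension.
if (typeof chrome !== "undefined" && chrome.runtime?.onMessage) {
  // getToken is a stub; a real build would return the token from the SSO flow.
  const deps = { extensionId: chrome.runtime.id, fetch: (u, i) => fetch(u, i), getToken: async () => "PLACEHOLDER" };
  chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
    handleMessage(message, sender, deps).then(sendResponse, () => sendResponse({ error: "internal" }));
    return true; // keep the channel open for the async response
  });
}
```

Because the validation and request-building functions take their dependencies as arguments, they can be unit-tested outside the browser with a stubbed `fetch`.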

Explore More

For detailed implementation documentation: