Deployment guide for Offline Mode sync service and browser extension

Offline Mode for passwords allows approved users to view data when the IT Glue web application is under maintenance or temporarily unavailable. The feature works by pulling IT Glue passwords on your device through the Windows sync service and allows you to browse this data through the IT Glue Chrome browser extension.

IMPORTANT The Windows sync service must be installed before adding the Offline Mode Chrome browser extension. An error will appear if you attempt to sign into the browser extension without the sync service. You must set up the Offline Mode feature in the order outlined in this article.

System requirements

The sync service requires the device to run on physical Windows 10 Pro, Windows 11 Pro, or a higher edition. The sync service is not supported on virtual machines.

NOTE IT Glue strongly recommends having disk encryption on the device where the extension is being installed. If your device is compromised, it provides additional security to prevent bad actors from accessing the locally stored IT Glue data maintained by the Windows sync service.

Recommended setup

To limit the replication of IT Glue data files across devices, IT Glue recommends the following setup:

Set up a unique Windows profile on the approved device for each user needing access to the Offline Mode feature on a single secure server. Users can then set up an instance of the browser extension in Chrome from their profiles, and IT Glue data is kept on a single device.
NOTE When Offline Mode access is granted, login is supported only for the user who has set it up. Two different users cannot configure Offline Mode on the same Windows device.
Ensure disk encryption using Microsoft BitLocker is set up on the device where Offline Mode is being installed. If your device is compromised, it provides additional security to prevent bad actors from accessing the locally stored IT Glue data maintained by the Windows sync service.

Enabling Offline Mode for passwords

From the left navigation menu, click Admin.
From the Settings page, click the Offline Mode tab.
Open and review the Offline Mode 101 and IT Glue Security White Paper articles to understand the feature.
Turn on the Enable Offline Mode Extension toggle.
To confirm you understand the security implementations of the articles, enter I UNDERSTAND in the confirmation dialog box.
Click Enable.
In the Security Settings section, enter the following setting values:
- Offline Data Removal: Enter the number of days the Offline Mode browser extension can be offline before automatically removing offline data from the device and revoking access.
- Send Offline Warning Email: Enter the number of days before receiving a warning email about removing data from the device and revoking access. IT Glue will send an automated email to the user informing that the extension will be wiped on the Windows device unless turned on within the specified number of days.
- Extension Session Length: Enter the number of minutes a user can be inactive before they are logged out of the Offline Mode browser extension.
If you made any changes, click Save.

Installing the Offline Mode browser extension

NOTE This tool is exclusively available for Google Chrome browsers; other web browsers are not supported. The original IT Glue/MyGlue browser extensions cannot be used with Offline Mode for passwords.

Within the Offline Mode tab, click Download Extension.
In the new tab that opens, click Add to Chrome.
In the confirmation dialog box, click Add extension to add the IT Glue Offline Mode extension to your Chrome extensions.

With the extension installed, perform the following steps:

In the Chrome toolbar, navigate to Settings > Extensions > Manage Extensions.
In the IT Glue Offline Mode extension tile, click Details.
Turn on the toggle for Allow access to file URLs to grant the extension privileges to communicate with the Offline Mode sync service on your local device, which will prevent the extension from getting stuck in the Sync in Progress status.

Signing in through the Offline mode browser extension

For accounts that utilize single sign-on (SSO), it's crucial to remain on the same browser tab where the IT Glue application is active during the entire setup. This includes the processes of installing the sync service, logging into the extension for the first time, registering, and logging in within the extension, up until the data synchronization is complete.

In Chrome, open the extension.
Log in to the extension using your existing IT Glue user credentials to view the passwords that are obtained through the Windows sync service.

Installing the Windows sync service

Once you have signed into the extension, you are prompted to download the sync service.

Click Download Sync Service.
Open the Offline Mode installer file on your Windows device and follow the steps in the wizard.
Click Let’s Get Started to run the security check. The security check ensures that the device meets the Offline Mode security standards.
Ensure the device settings has enabled and updated Disc Encryption, On-Device Malware Protection, and System Access (found under Update & Security Settings and Group Policy Management Console).
Once the security check is complete, click Next.
NOTE You cannot move to the next step until the security check is successful.
Enter your existing IT Glue Users account region/location, subdomain, username, and password. Click Log In.
NOTE If your account has SSO enabled, you will be redirected to your SSO provider
Enter your IT Glue Users authentication code from your MFA app and click Verify.
The password sync process will begin. Do not exit this window, sync times may vary depending on the number of Passwords that are syncing.
Once the Windows sync service is successfully installed, a message will state Offline Mode Installation Complete!
NOTE To continue syncing IT Glue passwords to the Chrome extension, do not stop or disable the sync service.

Managing Offline mode settings

Administrators can manage the following settings via Admin > Settings > Offline Mode:

Modify security settings.
Disable Offline Mode and all users with granted access.
Revoke individual users with granted access.

The Offline Mode extension has the following default settings:

Removal policy default: 7 days
Removal policy email default: 5 days
Session length default: 30 minutes

NOTE If a user is removed from IT Glue before the user is revoked from Offline Mode, that user will continue to have access to old offline mode data until the date removal period is reached.

Viewing active and pending extension instances

Administrators can review the details of all users who have configured the extension and their devices in the Browser Extension Management table. They can expand the rows to view details about the user and device having or requesting extension access.

Approve an extension access request

Administrators can approve, reject, or revoke extension access by clicking on the tick mark for an instance.

An email is sent to the administrator when someone has requested access, and the requester will receive a notification email when the access is granted.

Revoke an extension access

NOTE Once a user has been revoked, they cannot be re-added to offline mode.

By revoking an instance, the instance of an extension access will no longer be usable (user will be returned to the ‘Configure’ screen after logging in). All IT Glue passwords that synced to the device will be wiped. Administrators can revoke extension access from Account > Settings > Offline Mode by clicking Revoke under the Actions column.

Communicating between the extension and IT Glue server

The extension will attempt to synchronize with IT Glue every hour to get the latest user, organization, and password data. You will see a ‘last synced’ stamp on the extension widget with the time of the last successful sync.

The browser extension will communicate with the Windows sync server that the user installed on their device. The Offline Mode Chrome browser extension will display the passwords that were pulled through the Windows sync service.

Handling MFA resets with IT Glue Offline Mode

Both the IT Glue web application and IT Glue 'Offline' extension share the same MFA/Secret Key. Resetting MFA in IT Glue renders the MFA in offline mode unusable, resulting in an 'Invalid Error' when attempting to log in to the Offline Mode extension. After an MFA reset in IT Glue, it is essential to reinstall IT Glue's sync service. You can accomplish this by navigating to the following drive path: C:/Program Files/IT Glue/IT Glue Offline Mode/itg-offline-mode-installer.msi and reinstalling Offline Mode.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.