Implementing Application Experience Management

Everything you need to know about getting Application Experience Management (AXM) installed and running in your environment.

Role-Based Access Control (RBAC) for AXM

As an Administrator, you need to enhance security and access control. By using RBAC, you can provide a more granular level of access to features and data. This allows you to control user access based on their roles and responsibilities, improving security and ensuring that users have the appropriate level of access.

The following roles are available for AXM:

Role name

Description

Application Experience Management Administrator
  • Full app control.
  • Can configure monitoring and observe dashboards and individual application data.

Application Experience Management User
  • Can observe dashboards and individual application data without configuration abilities.

1E Client configuration

The 1E Client supports AXM by providing user activity data for both installed applications and SaaS applications.

Gathering user activity data for these applications requires two different techniques:

  • Installed applications - we use the 1E Client Interaction UI to track things like per logged on user:

    • Which window is active and if the user is interacting with it.

    • How responsive the window is, for example the foreground cursor.

    • Stability - hangs, crashes.

    • Responsiveness - busy cursor, poor response.

  • SaaS applications - we need insight into what is going on inside the user’s browser; the way we achieve this is using the AXM Browser Extension, which captures Core Web Vitals metrics: for administrator defined web sites.

AXM Browser Extension

The data for end-users interaction with Web Applications is provided using a browser extension for Chromium-based browsers. This is needed because user browser activity is only easily available from within the browser process itself.

1E has created a browser extension that ships with the 1E Client. It is embedded as a resource within the Interaction module settings.

Supported platforms and browsers

 

Google Chrome

Microsoft Edge

Automated deployment

Deployment guides

Windows

✓ (for domain joined devices)

Microsoft Windows

MacOS

X

macOS

Linux

X

Linux

Deploying AXM web monitoring

This section walks you through deploying and removing the AXM browser extension on the following operating systems.

On Windows, deployment and removal is handled by the 1E Client service itself without any user interaction.

Deployment:

This deployment method is only supported on enterprise managed devices. Please refer to Chrome documentation for a description of supported technologies https://admx.help/?Category=Chrome&Policy=Google.Policies.Chrome::ExtensionInstallForcelist.

  1. By default for 1E Client 24.5, AXM web monitoring is disabled, you can enable it by toggling the Module.Interaction.WebSessions.Enabled configuration setting to true. You can do this by one of the following methods:

    • Setting it in the 1E.Client.conf file.

    • Setting it at install time be passing the mentioned property to MSIEXEC.

    • Use the Client Deployment Assistant (CDA) to deploy the 1E Client, and change the value of Module.Interaction.WebSession from false to true, prior to running the CDA.

    • If you have already deployed the 1E Client, you can run this instruction using Endpoint Troubleshooting:

      Set 1E Client configuration property <agentconfig> to <agentconfigvalue> and restart the service after a short random delay

      With the values selected:  Set 1E Client configuration property "Module.Interaction.WebSession.Enabled" to "true" and restart the service after a short random delay

  2. When enabled, the 1E Client service ensures the correct registry settings are in place for the AXM browser extension on each startup. The deployment is carried out for both Google Chrome and Microsoft Edge browsers.

  3. At this point the AXM extension will be deployed by the running 1E Client service. You can find it under the extensions page after a browser restart.

  4. You will be able to see the Your browser is managed by your organization on the extension page as follows:

Removal:

You can remove the AXM extension using the 1E Client service.

If the Module.Interaction.WebSessions.Enabled is set to false, the 1E Client will delete the relevant registry key values corresponding to the 1E Client and remove the AXM extension. The same process is also triggered when the 1E Client is uninstalled.

You can deploy the MacOS configuration profile in two ways, MDM or manually.

The 1E web extension for MacOS can only be deployed on Enterprise Managed Devices.

MDM:

  • Your IT team must deploy this configuration profile using their respective MDM tool.

  • If the browser (Chrome or Edge) is already running it will need to be restarted before the web extension loads.

Manual steps (User Interaction):

  1. Download the configuration profile for Mac OS.

  2. Double click the file to install the configuration profile.

  3. A notification will show on the top right corner of the window.

  1. Navigate to the profile window using this path: choose Apple menu > System Settings, click Privacy and Security in the sidebar, then click Profiles.

  2. Click the 1E Web Extension Settings entry in the downloaded list and complete the steps to set up the admin password as prompted.

  3. At this point the AXM extension will be deployed by the running 1E Client service if the Module.Interaction.WebSessions.Enabled configuration setting is set to true. After restarting the browser you can find it under the extensions page.

  4. You will be able to see the Your browser is managed by your organization on the extension page.

Removal:

You can remove the MacOS extension using either MDM which is the preferred way, or using manual steps (user interaction).

MDM (preferred):

  • Your IT team should pull this configuration profile back using their respective MDM tool

  • If the browser (Chrome or Edge) is already running it will need to be restarted before the web extension unloads.

Manual steps (user interaction):

Navigate to the profile window as follows:

  1. On your Mac, choose Apple menu > System Settings, click Privacy and Security in the sidebar, then click Profiles.

  2. Select the 1E Web Extension Settings entry form the list.

  3. Click the “-” icon at the bottom to remove the selected profile and select Remove button on the window.

  4. Enter the password for admin account to complete the removal of the 1E Web Extension Configuration Profile.

The deployment is handled by the 1E Client service itself without any user interaction. You can also deploy manually.

Deployment using the 1E Client service:

The 1E Client service is responsible for deploying and removing the 1E AXM browser extension according to the value of the configuration setting Module.Interaction.WebSession.Enabled. If set to true, the 1E AXM browser extension is deployed and removed if set to false.

Refer to 1E Client configuration for details.

Manual steps:

  1. Create the following directory if it does not already exist:

    1. Google Chrome /etc/opt/chrome/policies/managed

    2. Microsoft Edge /etc/opt/edge/policies/managed

  2. If the above directory was already present and a *.json file already existed, add the following key value pairs corresponding to the AXM extension. These keys are arrays of strings and if already present in the *.json file add the values to the corresponding keys as strings to the array:

    1. ExtensionInstallAllowlist: [ceiaibmchnpfjpehgahbnefnchamhgop]

    2. ExtensionInstallForcelist: [ceiaibmchnpfjpehgahbnefnchamhgop;http://localhost:7781/axm/web/extension.xml]

    3. ExtensionInstallSources: [http://localhost:7781/*]

  3. If a *.json is not present create an empty file named Policies.json and add the following lines to it:

    Copy 
    {
      "ExtensionInstallAllowlist":["ceiaibmchnpfjpehgahbnefnchamhgop"],
      "ExtensionInstallForcelist":["ceiaibmchnpfjpehgahbnefnchamhgop;http://localhost:7781/axm/web/extension.xml"],
      "ExtensionInstallSources":["http://localhost:7781/*"]
    }

  4. At this point the AXM extension will be deployed by the running the 1E Client service if the Module.Interaction.WebSessions.Enabled configuration setting is set to true. You should be able to find it under the extensions page after a browser restart.

  5. You will be able to see the Your browser is managed by your organization on the extension page as follows:

Removal:

You can remove the AXM extension using the 1E Client service. If the Module.Interaction.WebSessions.Enabled is set to false, the 1E Client will delete the relevant registry key values corresponding to the 1E Client and remove the AXM extension. The same process is also triggered when the 1E Client is uninstalled.

Manual steps:

To remove the extension you can remove the values from the *.json file added as part of the deployment steps. If a *.json file was not already being used to manage the browser you can completely delete the file.