New
Discover how Dropbox streamlined dev environments & cut costs by switching 1000 developers to Coder

Read the success story

81.5KGet a Demo
About
Architecture
Installation
Kubernetes
Docker
OpenShift
Offline deployments
External database
Uninstall
1-click install
Releases
Platforms
AWS
Azure
Docker
GCP
Kubernetes
Additional clusters
Deployment logs
Other platforms
Templates
Working with templates
Your first template
Guided tour
Setting up templates
Change management
Provider authentication
Resource persistence
Terraform modules
Customizing templates
Agent metadata
Resource metadata
UI Resource Ordering
Parameters
Variables
Administering templates
General settings
Permissions
Workspace Scheduling
Open in Coder
Docker in workspaces
Dev Containers
Troubleshooting templates
Process Logging
Icons
Workspaces
IDEs
Web IDEs
JetBrains Gateway
Emacs
Remote Desktops
Networking
Port Forwarding
STUN and NAT
Dotfiles
Secrets
Administration
Authentication
Users
Groups
RBAC
Configuration
External Auth
Upgrading
Automation
Scaling Coder
Reference Architectures
Up to 1,000 users
Up to 2,000 users
Up to 3,000 users
External Provisioners
Workspace Proxies
Application Logs
Audit Logs
Quotas
High Availability
Prometheus
Appearance
Telemetry
Database Encryption
Deployment Health
Enterprise
Contributing
Code of Conduct
Feature stages
Documentation
Security
Frontend
API
General
Agents
Applications
Audit
Authentication
Authorization
Builds
Debug
Enterprise
Files
Git
Insights
Members
Organizations
PortSharing
Schemas
Templates
Users
WorkspaceProxies
Workspaces
Command Line
autoupdate
coder
config-ssh
create
delete
dotfiles
external-auth
external-auth access-token
favorite
features
features list
groups
groups create
groups delete
groups edit
groups list
licenses
licenses add
licenses delete
licenses list
list
login
logout
netcheck
open
open vscode
ping
port-forward
provisionerd
provisionerd start
publickey
rename
reset-password
restart
schedule
schedule override-stop
schedule show
schedule start
schedule stop
server
server create-admin-user
server dbcrypt
server dbcrypt decrypt
server dbcrypt delete
server dbcrypt rotate
server postgres-builtin-serve
server postgres-builtin-url
show
speedtest
ssh
start
stat
stat cpu
stat disk
stat mem
state
state pull
state push
stop
support
support bundle
templates
templates archive
templates create
templates delete
templates edit
templates init
templates list
templates pull
templates push
templates versions
templates versions archive
templates versions list
templates versions unarchive
tokens
tokens create
tokens list
tokens remove
unfavorite
update
users
users activate
users create
users delete
users list
users show
users suspend
version
Security
API tokens of deleted users not invalidated
FAQs
Guides
Generate a Support Bundle
Configuring Okta
Google to AWS Federation
JFrog Artifactory Integration
Island Secure Browser Integration
Template ImagePullSecrets
Postgres SSL
Azure Federation
Scanning Coder Workspaces with JFrog Xray
Home
/
Guides
/
Island Secure Browser Integration

Island Secure Browser Integration

Island Browser Integration

April 24, 2024

Island is an enterprise-grade browser, offering a Chromium-based experience similar to popular web browsers like Chrome and Edge. It includes built-in security features for corporate applications and data, aiming to bridge the gap between consumer-focused browsers and the security needs of the enterprise.

Coder natively integrates with Island's feature set, which include data loss protection (DLP), application awareness, browser session recording, and single sign-on (SSO). This guide intends to document these feature categories and how they apply to your Coder deployment.

General Configuration

Create an Application Group for Coder

We recommend creating an Application Group specific to Coder in the Island Management console. This Application Group object will be referenced when creating browser policies.

See the Island documentation for creating an Application Group.

Advanced Data Loss Protection

Integrate Island's advanced data loss prevention (DLP) capabilities with Coder's cloud development environment (CDE), enabling you to control the “last mile” between developers’ CDE and their local devices, ensuring that sensitive IP remains in your centralized environment.

Block cut, copy, paste, printing, screen share

  1. Create a Data Sandbox Profile

  2. Configure the following actions to allow/block (based on your security requirements):

  • Screenshot and Screen Share
  • Printing
  • Save Page
  • Clipboard Limitations

  1. Create a Policy Rule to apply the Data Sandbox Profile

  2. Define the Coder Application group as the Destination Object

  3. Define the Data Sandbox Profile as the Action in the Last Mile Protection section

Conditionally allow copy on Coder's CLI authentication page

  1. Create a URL Object with the following configuration:
  • Include
  • URL type: Wildcard
  • URL address: coder.example.com/cli-auth
  • Casing: Insensitive

  1. Create a Data Sandbox Profile

  2. Configure action to allow copy/paste

  3. Create a Policy Rule to apply the Data Sandbox Profile

  4. Define the URL Object you created as the Destination Object

  5. Define the Data Sandbox Profile as the Action in the Last Mile Protection section

Prevent file upload/download from the browser

  1. Create a Protection Profiles for both upload/download

  1. Create a Policy Rule to apply the Protection Profiles

  2. Define the Coder Application group as the Destination Object

  3. Define the applicable Protection Profile as the Action in the Data Protection section

Scan files for sensitive data

  1. Create a Data Loss Prevention scanner

  2. Create a Policy Rule to apply the DLP Scanner

  3. Define the Coder Application group as the Destination Object

  4. Define the DLP Scanner as the Action in the Data Protection section

Application Awareness and Boundaries

Ensure that Coder is only accessed through the Island browser, guaranteeing that your browser-level DLP policies are always enforced, and developers can’t sidestep such policies simply by using another browser.

Configure browser enforcement, conditional access policies

  1. Create a conditional access policy for your configured identity provider.

Note: the configured IdP must be the same for both Coder and Island

Browser Activity Logging

Govern and audit in-browser terminal and IDE sessions using Island, such as screenshots, mouse clicks, and keystrokes.

Activity Logging Module

  1. Create an Activity Logging Profile

Supported browser events include:

  • Web Navigation
  • File Download
  • File Upload
  • Clipboard/Drag & Drop
  • Print
  • Save As
  • Screenshots
  • Mouse Clicks
  • Keystrokes

  1. Create a Policy Rule to apply the Activity Logging Profile

  2. Define the Coder Application group as the Destination Object

  3. Define the Activity Logging Profile as the Action in the Security & Visibility section

Identity-aware logins (SSO)

Integrate Island's identity management system with Coder's authentication mechanisms to enable identity-aware logins.

Configure single sign-on (SSO) seamless authentication between Coder and Island

Configure the same identity provider (IdP) for both your Island and Coder deployment. Upon initial login to the Island browser, the user's session token will automatically be passed to Coder and authenticate their Coder session.

See an opportunity to improve our docs? Make an edit.
On this page