CanIPhish can integrate directly with Google Workspace through the Gmail API. Using this API we can inject simulated phishing and notification emails directly into employee inboxes, bypassing the need for traditional email allowlisting!
Table of contents:
- Step 1. Specify The Integration Name
- Step 2. Assign Permissions To The CanIPhish Service Account
- Step 3. Validate Service Account Connectivity
- Frequently Asked Questions
Step 1. Specify The Integration Name
1.1. Login to your CanIPhish account and navigate to the Email Providers page and then click the New Integration button on the Google Workspace Direct Email Injection row:
1.2. In the popup that appears, specify a unique integration name (you can setup multiple DMI integrations and this name is used to distinguish between them):
Step 2. Assign Permissions To The CanIPhish Service Account
2.1. You will see a prepopulated Client ID for the Service Account that CanIPhish has created for your tenant. Permissions need to be assigned to this Service Account. Make note of the Client ID, as this will be needed in a later step:
2.2. Open a new browser tab and log in to the Google Admin Console.
2.3. Go to Security > Access and data control > API Controls:
2.4. Click on "MANAGE DOMAIN WIDE DELEGATION" at the bottom of the page:
2.5.Click the Add new button next to the API clients field:
2.6. In the Client ID field, enter the Client ID copied earlier (In Step 1.3).
2.7. In the OAuth scopes field, enter the following OAuth Scope and then click AUTHORIZE:
https://www.googleapis.com/auth/gmail.insert
Step 3. Validate Service Account Connectivity
3.1. Go back to the CanIPhish Cloud Platform browser tab.
3.2. Validate that the integration is functioning by providing the email address of a user who has a valid Google Workspace email inbox, and then click Validate Connection. A simple test is run to see if an email can be injected into users mailbox via Google's Gmail API. If successful, you will be notified via a small success popup.
3.3. If the integration is successfully validated, click Save to complete the integration process.
3.4. As a final and optional step, you can set the new integration to be your default mail server. This means it will be selected by default whenever a new campaign is created or notifications are being sent out:
Frequently Asked Questions
What happens if a user doesn't exist within the Google Workspace Tenant?
If the user is sent a simulated phishing email, an error will appear next to their email address within the affected campaign, making a note of the issue. If the user is sent a notification, then a fallback to use CanIPhish email servers will occur to ensure the notification is still sent.
Comments
0 comments
Please sign in to leave a comment.