This article consists of the instructions on how to correctly setup HENNGE Email DLP so that it is fully functional within your G Suite domain environment. After completing this setup, you will be able to start using the features of HENNGE Email DLP such as mail suspension, email filtering, mail approval and more.

For the set values, please see your Connection Settings document that we have provided.

This setup consists of five parts:

1) Setup Prerequisites

2) Inbound Gateway Settings

3) Creating New Host

4) Sending Routing Settings

5) Email DLP Admin Console Settings

6) OpenID Connect

1) Setup Prerequisites

Register a new SPF record for all the your domains to your DNS server.

The purpose of registering a new SPF record is to allow our service to send emails on behalf of your domain(s). The following is the SPF record:

v=spf1 include:_spf.google.com include:[xxx].hdemail.jp ~all

As we are unable to access to the DNS settings of your network environment, you might want to cooperate with the network administrator of your office environment to complete this process.

2) Inbound Gateway Settings

Step 1 - Log in to your Google Admin Console.

Step 2 - In the Admin Console interface, click on "Apps".

Step 3 - In the "Apps" interface, click on "Google Workspace". 

Step 4 - In the Google Workspace interface, click on "Gmail".

Step 5 - In the "Settings for Gmail", click on "Advanced settings".

Step 6 - In the "Advanced settings" interface, in the "General Settings" tab, scroll to the "Spam" settings and at "Inbound gateway", click "CONFIGURE".

Step 7 - Please name this new Inbound gateway "HENNGE One Inbound gateway". Then for the "Gateway IPs", click "ADD". There is a list of IP addresses that you can find in your Connection Settings document that we have provided. Please add each and every single one of the IP addresses in the list into the Gateway IPs. 

Step 8 - Please click "ADD SETTING" after all of the IP addresses are inputted into the Gateway IPs.

Step 9 - After added the "HENNGE One Inbound gateway", review the settings once more and click the "Save" button at the bottom right of the interface after ensuring the Inbound gateway is properly set up. 

3) Creating New Host

Step 1 - In the "Advanced settings" interface, switch from "General Settings" to "Hosts" tab. In the "Hosts" interface, click on "ADD ROUTE".

Step 2 - Please name this mail route as "HENNGE One Email DLP". For the email server, select "Single Host" as the server type and enter "mo.yourdomain.hdemail.jp" and input "25" for the allowed port. Check only the option "Require secure transport (TLS)". Click "Save" to finish this step.

4) Sending Routing Settings

Step 1 - In the "Advanced settings", switch to "General Settings" tab. Scroll down to "Routing" section and click "CONFIGURE" for "Sending routing".

Step 2 - Please name this new sending routing as "HENNGE One Email DLP Sending Routing" and check both the "Outbound" and "Internal - sending". 

Step 3 - Then, for "Route", check the "Change route" option and select "HENNGE One Email DLP" as the route. Click "ADD SETTING" to finish this step.

5) Email DLP Admin Console Settings (Email DLP Admin Only)

This part is only required to be performed by the Email DLP Administrator.

Step 1 - Changing the Internal Domain in Mail Groups

Step 2 - Changing the Domain in Rule Group

6) OpenID Connect 

Step 1 - Log in to your Google Admin Console.

Step 2 - In the Admin Console interface, click on "Apps".

Step 3 - In "Apps" interface, click "Additional Google services". 

Step 4 - Please click "Google Developers Console".

Step 5 - Please turn on Google Developers Console for everyone as shown below.

Step 6 - Click "TURN ON FOR EVERYONE". It is to allow you to create new project in the following steps.

Step 7 - While logged in with a Google administrator account, log on to “https://console.developers.google.com/project” and click "Create project".

Step 8 - Please name the new project "HENNGE One Email DLP".

Click "Edit" to edit the project ID. Please enter "mo-yourdomain-hdemail-jp" with your actual domain name replacing the "yourdomain" in the sample below.

Step 9 - After the project creation, in the project Dashboard, click on the "Use Google APIs".

Step 10 - In the project API interface, in "API" tab, click on "Credentials" and click on "OAuth consent screen" to input "Email address", "Product name shown to users" and "Homepage URL" accordingly as shown below. Click "Save" after the details are filled in.

Step 11 - After saving the OAuth consent screen settings, switch the the "Credentials" tab and click on "Add credentials". Select "OAuth 2.0 client ID".

Step 12 - In the "Create client ID" interface, select "Web application" as the "Application type". Name the client ID "HENNGE One Email DLP Client". As for the Authorized JavaScript origins and Authorized redirect URIs, you can find these details in your Connection Settings document that we have provided. 

Step 13 - After the creation of the client ID, go to the "Credentials" tab and look for the newly created client ID and click on the download button to download the client secret as a .json as shown below. Once you have obtained the .json file, contact our support staff and provide us the downloaded .json file so we could upload it to our server in order to proceed with the final step to complete the entire setup.