Setting Up HDE Email DLP (G Suite)

This article consists of the instructions on how to correctly setup HDE Email DLP so that it is fully functional within your G Suite domain environment. After completing this setup, you will be able to start using the features of HDE Email DLP such as mail suspension, email filtering, mail approval and more.

For the set values, please see your Connection Settings document that we have provided.

This setup consists of five parts:

1) Setup Prerequisites

2) Inbound Gateway Settings

3) Creating New Host

4) Sending Routing Settings

5) Email DLP Admin Console Settings

6) OpenID Connect

 

1) Setup Prerequisites

Register a new SPF record for all the your domains to your DNS server.

The purpose of registering a new SPF record is to allow our service to send emails on behalf of your domain(s). The following is the SPF record:

v=spf1 include:_spf.google.com include:[xxx].hdemail.jp ~all

As we are unable to access to the DNS settings of your network environment, you might want to cooperate with the network administrator of your office environment to complete this process.

2) Inbound Gateway Settings

Step 1 - Log in to your Google Admin Console.

Step 2 - In the Admin Console interface, click on "Apps".

Step 3 - In the "Apps" interface, click on "G Suite". 

Step 4 - In the G Suite interface, click on "Gmail".

Step 5 - In the "Settings for Gmail", click on "Advanced settings".

Step 6 - In the "Advanced settings" interface, in the "General Settings" tab, scroll to the "Spam" settings and at "Inbound gateway", click "CONFIGURE".

Step 7 - Please name this new Inbound gateway "HDE One Inbound gateway". Then for the "Gateway IPs", click "ADD". There is a list of IP addresses that you can find in your Connection Settings document that we have provided. Please add each and every single one of the IP addresses in the list into the Gateway IPs. 

Step 8 - Please click "ADD SETTING" after all of the IP addresses are inputted into the Gateway IPs.

Step 9 - After added the "HDE One Inbound gateway", review the settings once more and click the "Save" button at the bottom right of the interface after ensuring the Inbound gateway is properly set up. 

 

3) Creating New Host

Step 1 - In the "Advanced settings" interface, switch from "General Settings" to "Hosts" tab. In the "Hosts" interface, click on "ADD ROUTE".

Step 2 - Please name this mail route as "HDE One Email DLP". For the email server, select "Single Host" as the server type and enter "mo.yourdomain.hdemail.jp" and input "25" for the allowed port. Check only the option "Require secure transport (TLS)". Click "Save" to finish this step.

 

4) Sending Routing Settings

Step 1 - In the "Advanced settings", switch to "General Settings" tab. Scroll down to "Routing" section and click "CONFIGURE" for "Sending routing".

 

Step 2 - Please name this new sending routing as "HDE One Email DLP Sending Routing" and check both the "Outbound" and "Internal - sending". 

Step 3 - Then, for "Route", check the "Change route" option and select "HDE One Email DLP" as the route. Click "ADD SETTING" to finish this step.

5) Email DLP Admin Console Settings (Email DLP Admin Only)

This part is only required to be performed by the Email DLP Administrator.

Step 1 - Changing the Internal Domain in Mail Groups

Step 2 - Changing the Domain in Rule Group

 

6) OpenID Connect 

Step 1 - Log in to your Google Admin Console.

Step 2 - In the Admin Console interface, click on "Apps".

Step 3 - In "Apps" interface, click "Additional Google services". 

Step 4 - Please click "Google Developers Console".

Step 5 - Please turn on Google Developers Console for everyone as shown below.

Step 6 - Click "TURN ON FOR EVERYONE". It is to allow you to create new project in the following steps.

Step 7 - While logged in with a Google administrator account, log on to “https://console.developers.google.com/project” and click "Create project".

1.png

Step 8 - Please name the new project "HDE One Email DLP".

2.png

Click "Edit" to edit the project ID. Please enter "mo-yourdomain-hdemail-jp" with your actual domain name replacing the "yourdomain" in the sample below.

3.png

Step 9 - After the project creation, in the project Dashboard, click on the "Use Google APIs".

Step 10 - In the project API interface, in "API" tab, click on "Credentials" and click on "OAuth consent screen" to input "Email address", "Product name shown to users" and "Homepage URL" accordingly as shown below. Click "Save" after the details are filled in.

4.png

Step 11 - After saving the OAuth consent screen settings, switch the the "Credentials" tab and click on "Add credentials". Select "OAuth 2.0 client ID".

5.png

Step 12 - In the "Create client ID" interface, select "Web application" as the "Application type". Name the client ID "HDE One Email DLP Client". As for the Authorized JavaScript origins and Authorized redirect URIs, you can find these details in your Connection Settings document that we have provided

6.png

Step 13 - After the creation of the client ID, go to the "Credentials" tab and look for the newly created client ID and click on the download button to download the client secret as a .json as shown below. Once you have obtained the .json file, contact our support staff and provide us the downloaded .json file so we could upload it to our server in order to proceed with the final step to complete the entire setup.

7.png

          
Was this article helpful?

Frequently Asked Questions (FAQs)

Powered by Zendesk