Who is this for?

For users who do not want to disable certain Google Workspace whitelisting features, this is an alternative route for sending phishing simulations by inserting the emails directly in an employee's inbox.

Important note: We are aware that the "email opened" statistic is not captured yet. We are working on improving the direct mail injection experience, but for now we recommend primarily reporting the failure rate.

Prerequisites:

• Google Workspace Admin access and ability to access Domain-Wide Delegation

Integration steps in Google Workspace

1. Log in to your Google Workspace admin console.

2. Set Up Domain-Wide Delegation to Jericho's Direct Mail Injection Client:

   • Go to "Security" > "API Controls" > "Manage Domain-Wide Delegation"

   • Add a new Api client

     • Connect to the client id with 103403442276232723996

     • OAuth scopes: https://www.googleapis.com/auth/gmail.modify, https://www.googleapis.com/auth/gmail.insert

     • click authorize

3. NOTE: This authorization only covers one domain; if you are a multi-domain organization, repeat these steps for each domain.

Returning to app.jerichosecurity.com

1. Navigate to Workspace Settings

   •  

2. Scroll down to Direct Mail Injection settings

   • Change the Direct Mail Injection Settings to Google DMI

   •  

   •  

3. Click Save changes

4. The page will refresh, now with an additional option to test your connection via a single email address.