diff --git a/src/assets/images/email-security/deployment/api-setup/gmail-bcc-deployment.png b/src/assets/images/email-security/deployment/api-setup/gmail-bcc-deployment.png new file mode 100644 index 00000000000000..0cc84dfa071657 Binary files /dev/null and b/src/assets/images/email-security/deployment/api-setup/gmail-bcc-deployment.png differ diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx new file mode 100644 index 00000000000000..94dbcfd1de122b --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains.mdx @@ -0,0 +1,38 @@ +--- +title: Connect your domains +pcx_content_type: how-to +sidebar: + order: 3 +--- + +import { GlossaryTooltip } from "~/components" + +On the **Set up Email Security** page: + +1. **Connect domains**: Select at least one domain. Then, select **Continue**. +2. (**Optional**) **Add manual domains**: Select **Add domain name** to manually enter additional domains. Then, select **Continue**. +3. (**Optional**) **Adjust hop count**: Enter the number of hops. Then, select **Continue**. +4. (**Optional**, select **Skip for now** to skip this step) **Move messages**: Refer to [Auto-moves](/cloudflare-one/email-security/auto-moves/) to configure auto-moves. Then, select **Continue**. +5. **Configure service address with your third party email provider**: Copy and paste the service address into your third-party email provider to allow BCC/Journaling: `@CF-emailsecurity.com`. +6. **Review details**: Review your connected domains. Then, select **Go to domains.** + +Your domains are now added successfully. + +On the **Domains** page, select the three dots > **View integration**. The dashboard will display your [domain information](/cloudflare-one/email-security/reference/domain-information/). + +Under **Source**, the dashboard will display **Google integration**, along with the **Integration name**. + +## Add additional domains + +To add additional domains: + +1. Go to **Settings**. +2. Select **Connect an integration** > **BCC/Journaling** > **Integrate with Google** > **Authorize**. +3. **Connect domains**: Select the domains you want to add, then select **Next**. +4. (Optional) Select **Add manual domains**: Enter additional domains manually, then select **Next**. +5. (Optional) Select **Adjust hop count**: Enter the number of hops. +6. **Review details**: Review your selected domains, then use the following email to configure the service address with your third-party email provider: + ```txt + @CF-emailsecurity.com + ``` +7. Select **Save**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-auto-moves.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-auto-moves.mdx new file mode 100644 index 00000000000000..340d161ead2930 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-auto-moves.mdx @@ -0,0 +1,13 @@ +--- +title: Enable auto-moves +pcx_content_type: how-to +sidebar: + order: 4 +--- + +If you do not have an integration: + +1. Go to **Settings** > **Integrated domains** > Select **View**. +2. Select the three dots > Select **Associate an integration**. +3. Select **Connect an integration**. You will then be redirected to a page where you will [enable your Microsoft integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api/#enable-microsoft-integration). +4. Once you have enabled your Microsoft integration, select **Complete Email Security set up**. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration.mdx new file mode 100644 index 00000000000000..f6aee0f5c83a70 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration.mdx @@ -0,0 +1,87 @@ +--- +title: Enable Gmail BCC integration +pcx_content_type: how-to +sidebar: + order: 2 +--- + +To enable Gmail BCC integration: + +1. Log in to [Zero Trust](https://one.dash.cloudflare.com/). +2. Select **Zero Trust** > **Settings**. +3. Select **SaaS Integrations**. +4. Select **Add integration** > **Google Workspace**. +5. Select **Select Integration**. + +## Create an integration + +Name your integration, then select **Next**. + +### 1. Create a Service Account in your GCP Project + +1. Once you have named your integration, select **Next**. +2. On the [Google Cloud Console](https://console.cloud.google.com/welcome/new), go to the sidebar, select **APIs & Services**, then select **Credentials**. +3. Select **CREATE CREDENTIALS** > **Service account**. +4. Fill in the details to create a service account: + - **Service account name**: Enter `Message Retraction Service Account`. + - **Service account ID**: Enter `message-retraction-service-acc`. + - **Service account description**: Enter `Email Security Message Retraction`. + - Select **CREATE AND CONTINUE**. +5. In **Grant this service account access to project**, select **Select a role** > Choose **Owner**. Select **CONTINUE**, then select **DONE**. +6. Go back to **Credentials** on the sidebar, and select your service account under **Service Accounts**. In **Details**, take note of the **Unique ID**. +7. Select **Advanced settings** > **VIEW GOOGLE WORKSPACE ADMIN CONSOLE**, then enter your password. This will redirect you to the Google admin portal. +8. On the sidebar, select **Security** > **Access and data control** > **API controls** > Select **MANAGE DOMAIN WIDE DELEGATION**. +9. Select **Add new** > Add a new client ID: + - **Client ID**: Enter the **Unique ID** you took note of in step 5. + - **OAuth scopes**: Enter the following URLs: + + ```txt + https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.user.alias.readonly, https://www.googleapis.com/auth/gmail.labels, https://mail.google.com/ + ``` + - Select **AUTHORIZE**. + +### 2. Create a JSON Key for your Service Account + +On the [Google Cloud Console](https://console.cloud.google.com/welcome/new), select **Service Accounts** on the sidebar: + - Select the three dots, then: + - Select **Manage keys**. + - Select **ADD KEY** > **Create new key**. + - Select **JSON** > Select **CREATE**. This downloads a `.json` file which you will use at a later stage. + +### 3. Upload JSON Key + +On the [Zero Trust dashboard](https://one.dash.cloudflare.com/), upload the `.json` file downloaded on step 3. + +### 4. Enable Necessary Google Workspace APIs in GCP + +Enable the following APIs on the Google Cloud Console: + - [Enable Google Calendar API](https://console.cloud.google.com/apis/library/calendar-json.googleapis.com?project=winter-surf-439414-h1) + - [Enable Google Drive API](https://console.cloud.google.com/apis/library/drive.googleapis.com?project=winter-surf-439414-h1) + - [Enable Google Admin SDK API](https://console.cloud.google.com/apis/library/admin.googleapis.com?project=winter-surf-439414-h1) + - [Enable Gmail API](https://console.cloud.google.com/apis/library/gmail.googleapis.com?project=winter-surf-439414-h1) + - [Enable Google Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com?project=winter-surf-439414-h1) + +### 5. Log in to Google Workspace Admin Console + +Log in to Google Workspace Admin Console: Enter your password and log in to the Google Workspace Admin Console. + +### 6. Create a Domain-Wide Delegation API Client + +1. Copy the **Client ID** and **Scopes** displayed on the Zero Trust dashboard. +2. On Google Admin, go to **Security** > **Access and data control** > **API controls**. +3. Select **MANAGE DOMAIN WIDE DELEGATION** > **Add new**. +4. Use the Client ID and copy the scopes to create a new API client. Refer to [Delegate domain-wide authority to your service account](https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-alert-center?_gl=1*skktsb*_ga*MTMxODg5NDExMy4xNzI5NjA1MzYy*_ga_WH2QY8WWF5*MTcyOTc3MDg2Ny40LjEuMTcyOTc3MDg5OC4yOS4wLjA.#delegate_domain-wide_authority_to_your_service_account). Then, select **Next**. + +### 7. Confirm Workspace Administrator Email + +Enter the email associated with the Google Workspace Administrator account. Your email must match the email associated with your Google Workspace account, or else your integration will not work. + +### 8. Create integration + +1. Select **Create integration**. +2. Once you created your integration, you will be redirected to the **Review details** page, where you will be able to review **Integration details**. +3. Review your details, then select **Complete Email Security set up** > **Continue to Email Security**. + +## Next steps + +Now that you have created an integration, you will need to [connect your domains](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains/) for Email Security to start scanning your inbox. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup.mdx new file mode 100644 index 00000000000000..9bb3d404132ce0 --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/gmail-bcc-setup.mdx @@ -0,0 +1,15 @@ +--- +title: Overview +pcx_content_type: overview +sidebar: + order: 1 +--- + + +For customers using Gmail as their email provider, setting up Email Security is quick and easy. + +You will need to [enable Gmail BCC on the Zero Trust dashboard](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration/), [create an integration](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/enable-gmail-integration/), and [connect your domain(s)](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains/). You can choose to [add additional domains](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/connect-domains/) at a later stage. + +Once you set up Gmail BCC integration, Email Security will receive a copy of your email messages. The following email flow shows how this works: + +![Gmail BCC deployment flow](~/assets/images/email-security/deployment/api-setup/gmail-bcc-deployment.png) \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/index.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/index.mdx new file mode 100644 index 00000000000000..06417782c3e3db --- /dev/null +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/bcc-setup/gmail-bcc-setup/index.mdx @@ -0,0 +1,13 @@ +--- +title: Gmail BCC setup +pcx_content_type: navigation +sidebar: + order: 1 + group: + hideIndex: true +--- + +import { DirectoryListing } from "~/components" + + + \ No newline at end of file