Direct Message Injection (DMI) setup guide for Google Workspace
Direct Message Injection (DMI) delivers simulated phishing emails directly to your users' inboxes using a secure Google API connection. This method bypasses the need for IP whitelisting and provides faster, more reliable delivery than traditional SMTP.
Prerequisites / Who can use DMI?
All SoSafe plans can use Google DMI.
You must be a Google Workspace customer.
You must have an account with the Super Admin role.
Limitations
The DMI connection does not support sending messages to alias email addresses.
Benefits of using DMI
Here are the main advantages of using DMI over standard SMTP delivery:
Improved email delivery: Traditional SMTP delivery can cause simulation emails to be caught by spam filters or quarantined. DMI bypasses these filters by delivering emails directly via a secure API connection, ensuring they reach user inboxes.
Simplified whitelisting: You no longer need to maintain whitelists for our IP address ranges. Instead of managing IPs, you only need to grant specific permissions to a SoSafe Client ID in your Google Workspace Admin console. This gives you more effective access control.
Quicker setup: The setup process is faster as it reduces the dependency on your IT team for mail server changes. This allows you to launch your awareness program more quickly.
Step 1: Authorize SoSafe in Google Workspace
Log into your Google Workspace Admin console with a Super Admin account.
In the left-hand menu, navigate to Security. If Security isn’t shown directly, you must first select More Controls.
Select Overview, followed by API controls.
Under the section Domain wide delegation, select Manage Domain Wide Delegation.
Select Add new.
Enter the following information in the corresponding fields:
Client ID:
105916117134231974568
OAuth Scopes:
https://www.googleapis.com/auth/gmail.insert
Select Authorize to save the changes.
Step 2: Activate and test in SoSafe Manager
Log into your SoSafe Manager.
Navigate to Settings / Integrations.
Find the Google DMI card and select Enable.
If you do not see this option, please contact your Customer Success Manager to have it activated.
Enter your own Gmail account email address and select Send test email.
Check your inbox to confirm you have received the test email.
In the SoSafe Manager, go to Emails / Email log to confirm the email status is "Delivered".
Once you have confirmed delivery, toggle the switch to Enable Google DMI.
Note: When enabling or disabling DMI, any personalized phishing simulation campaigns that are currently running will take a maximum of two days to update their settings. Therefore, if there are emails already scheduled, they will continue to use the previous method until the update process is completed.
How to disconnect the DMI integration
To disable DMI, you must perform actions in both the SoSafe Manager and your Google Workspace Admin console.
In the SoSafe Manager:
Go to Settings / Integrations.
Find the Google DMI card, select Edit, and toggle the switch to disable the feature.
In Google Workspace (Recommended):
Log into your Google Workspace Admin console.
Navigate back to the Manage domain wide delegation page (see above).
Find the SoSafe Client ID you added during setup and select Remove to fully revoke permissions.
Troubleshooting & support
Test email not received
If the test email does not appear in the inbox, check the following:
Confirm the email address exists and is active within your Google Workspace.
Make sure the correct Client ID and OAuth scopes were entered during setup.
Check the Promotions tab in Gmail, as emails can sometimes be filtered there.
Check the Email log in the SoSafe Manager to verify the email's delivery status.
Even with DMI, any email security solution that scans inboxes, such as Google's built-in tools or third-party filters, may still affect the visibility of the simulation email. If emails are not displaying correctly or are being flagged, you may need to adjust your security configurations.
If problems persist, try disconnecting and re-authorizing the integration from scratch or contact your Customer Success Manager for help.
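The Client ID and scope check from the list above, and the removal check after disconnecting, can be scripted for periodic review. This is an added example, not SoSafe's or Google's code. It assumes you record or export your domain-wide delegation entries as CSV with the hypothetical columns client_id and scopes; the sample rows are constructed.

```python
import csv
import io

# Values taken from Step 1 of this guide.
SOSAFE_CLIENT_ID = "105916117134231974568"
REQUIRED_SCOPE = "https://www.googleapis.com/auth/gmail.insert"

# Constructed sample data. The column names are an assumption; adapt them to
# however you record or export your domain-wide delegation entries.
SAMPLE_CSV = """client_id,scopes
105916117134231974568,"https://www.googleapis.com/auth/gmail.insert, https://www.googleapis.com/auth/gmail.readonly"
000000000000000000001,https://www.googleapis.com/auth/calendar.readonly
"""


def parse_scopes(field):
    """Split a scope field on commas and whitespace, dropping empty items."""
    return {s.strip() for s in field.replace(",", " ").split() if s.strip()}


def audit_delegation(csv_text, expect_enabled=True):
    """Return findings for the SoSafe entry; an empty list means it is as expected."""
    findings = []
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if r["client_id"].strip() == SOSAFE_CLIENT_ID]
    if not expect_enabled:
        # After disconnecting, the guide recommends removing the entry.
        return ["entry still present: remove it to revoke permissions"] if rows else []
    if not rows:
        return ["no entry for the SoSafe Client ID: check for a mistyped ID"]
    for row in rows:
        scopes = parse_scopes(row["scopes"])
        if REQUIRED_SCOPE not in scopes:
            findings.append("required scope gmail.insert is missing")
        # Anything beyond the single scope from Step 1 is wider than needed.
        for extra in sorted(scopes - {REQUIRED_SCOPE}):
            findings.append(f"scope not listed in this guide: {extra}")
    return findings


if __name__ == "__main__":
    for finding in audit_delegation(SAMPLE_CSV):
        print("FINDING:", finding)
```

Call audit_delegation with expect_enabled=False after disconnecting to confirm the entry was removed in Google Workspace as well.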
Alternative: SMTP delivery
If DMI setup is not possible due to technical or policy constraints, you can continue to use our traditional IP-based whitelisting for email delivery. Your Implementation Manager can assist you with this setup. You can also find more information in our Knowledge Base: Google Workspace whitelisting instructions
Beta info
The DMI feature is currently in Beta. While fully functional, elements such as API scopes or permission requirements may change as we continue to improve the feature. We recommend reviewing your integration settings periodically.
For further assistance, please contact SoSafe Support or your Customer Success Manager.