Skip to main content
Skip table of contents

Direct Message Injection (DMI) Setup Guide for Google Workspace

The Direct Message Injection (DMI) feature (currently in Beta) allows phishing simulation emails to bypass traditional email filtering, delivering them directly to user inboxes without the need for whitelisting. This is achieved by creating a secure connection between your SoSafe account and your Google Workspace account.

Setting up DMI in Google Workspace

Step 1: Prerequisites

  • Required Admin role: Ensure you have a Google Workspace account with a super admin role to set up DMI. Refer to Google’s Control API access with domain-wide delegation for more details.

  • Limitations: The DMI connection does not support sending messages to alias email addresses.

Step 2: Authorize DMI in Google Workspace

  1. Log into your Google Workspace Admin console at admin.google.com.

  2. Go to Security (or More Controls at the bottom if Security isn’t shown directly).

    GoogleSecurityButton.png
  3. Select Overview, followed by API Controls.

  4. Under Domain wide delegation, select Manage domain wide delegation.

    GoogleManageDomainWideDelegationButton.png
  5. Select Add new.

GoogleAddNewButton.png
  1. Under Client ID, enter: 105916117134231974568

    GoogleClientID.png
  2. In OAuth Scopes, enter: https://www.googleapis.com/auth/gmail.insert

  3. Select Authorize to finish the process within the Google Workspace Admin console.

Step 3: Activate Google DMI in SoSafe Manager

  1. Log into your SoSafe Manager at https://manager.sosafe.de/.

  2. Go to Settings / Integrations.

  3. Find the Google DMI card and select Enable. If you don’t see the card, reach out to your Customer Success Manager, who will make sure to activate it for you.

    google_dmi_manager1.png
  4. Enter your Gmail account email and select Send test email.

    google_dmi_manager_2.png
  5. Check your inbox to confirm receipt of the test email. It should look like this:

    google_dmi_mail.png
  6. If you received the email, toggle Enable Google DMI to enable Google DMI. If you haven’t received the email, check whether the email was sent under Emails / Email log and reach out to your Customer Success Manager.

Note: When enabling or disabling DMI, any personalized phishing simulation campaigns that are currently running will take a maximum of two days to update their settings. Therefore, if there are emails already scheduled, they will continue to use the previous method until the update process is completed. This delay applies only to personalized phishing simulation campaigns and not to classic simulation campaigns.

Disconnecting Google DMI

If you need to disable the DMI connection, follow these steps:

  1. Log into your SoSafe Manager at https://manager.sosafe.de/.

  2. Go to Settings / Integrations.

  3. Disable Google DMI:

    1. Find the Google DMI card, click Edit, and uncheck the Google DMI Connection box.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.