Configuration in Google Workspace

  • 2 minute(s) read

Step 1- Selecting the “Journal” Architecture

After signing into the Trustifi web portal as an admin, navigate to the Plan Settings” page under the “Inbound Management” section.

In the “Email Flow Architecture” tab, click on the “Via Journal” setting.

You will also need to confirm this change in a pop-up.

Step 2 – Copying the journaling address

After the architecture change has been confirmed, Trustifi will generate a unique journaling address that will be used to receive the journaled traffic.

Click on the copy icon next to this address to copy it, as you will be using it during the journaling rule configuration in Google.

Step 3 – Creating a content compliance rule in Google Workspaces

First, sign into the Google Admin Portal with your global admin credentials.
Then, navigate to the Compliance” page and scroll down to the “Content Compliance” section. There, create a new rule.

Step 4 – Naming the rule

Give your compliance rule a descriptive name.

Step 5 – Email messages to affect

Select which types of messages should be journaled to Trustifi. You will need to select the “Inbound” checkbox, and you can also choose to journal internal inbound traffic by selecting “Internal – Receiving“.

Step 6 – Adding an expression

Here you will need to add an expression that, when matched, emails will be journaled to Trustifi. Follow the instructions below.

First, select “If ALL of the following match the message” and click “Add“.

In the pop-up, configure these settings:
1. Select “Advanced content match

2. Under “Location“, select “Full headers

3. Under “Match type“, select “Not matches regex

4. Add this regex (without the quote marks) – “^Received[:].+(3[.]93[.]139[.]220|3[.]93[.]243[.]176|3[.]251[.]32[.]127|54[.]195[.]145[.]1)”

5. Click “Save

Step 7 – Add journaling recipient

Scroll down to the “Also deliver to” section and select the box for “Add more recipients“. Then, click on the “Add” link to add a journaling recipient.

Step 8 – Configure journaling recipient

First, change the setting configuration to “Advanced“.

In the “Advanced” section, select the “Change envelope recipient” box and paste the Trustifi journaling address you’ve copied before in the “Replace recipient” input field.

Scroll down to the “Spam and deliver options” section and uncheck the box for “Do not deliver spam to this recipient“. Then, click on “Save” at the bottom right corner.

Step 9 – Saving the compliance rule

Click on “Save” once again at the bottom right to save the compliance rule.

Once the compliance rule is saved and enabled, your inbound traffic should be journaled and scanned in Trustifi.

Enabling the Google Workspaces API integration

To perform additional security actions, like sending emails to quarantine and releasing them back to user mailboxes, you will need to also enable the Google Workspaces API integration from Trustifi.

Follow the steps below to enable this API integration.

Step 10 – Navigating to the integrations page

You can navigate to the “Integrations” page directly from this link – https://app.trustifi.com/inbound/plan/integrations

Or, you can find the integration status in the “Exchange/Google API Integrations” section, and click on the Google Workspace icon.

Step 11 – Connecting the Google Workspaces API

Once you are in the correct section of the “Integrations” page, you can click on the “Connect” button to open the Google Workspaces API connection interface.

From here, you can follow the instructions in the guide below to connect the Google API integration:
https://docs.trustifi.com/docs/deploying-to-an-org-unit