Skip to main content

Setting Up Direct Mail Injection (DMI) for Google Phishing Simulations

Jeff Lee
Updated

Step 1: Create a Service Account

  1. Navigate to Google Cloud Console:
  2. Create a New Project for the Service account:
    • Navigate to IAM & Admin > Create a Project 
    • Enter a Project name * 
    • Select Organization * 
    • Select Parent resource *
    • Click Create the save button.
  1. Enable Admin SDK API:
    1. Navigate to APIs & Services > Library.
    2. Search for "Admin SDK".
    3. Click on "Admin SDK API" and enable it.
  1. Create a Service Account:
    1. Navigate to IAM & Admin
    2. Select Service Accounts
  1. Access IAM & Admin:
    1. Click on "IAM & Admin".
    2. Select "Service Accounts".

 

  1. Create a Service Account:
    • Click "+Create Service Account".
    • Fill in the Service account name and description.
    • Click "Create and Continue".
  1. Grant Access to Project:
    • From Permissions add the following Roles
      • Search and assign access to the project:
        1. "Service Account Admin"  
        2. "Service Account User
        3. Click "Done".

Step 2: Set Up Domain-Wide Delegation

  1. Configure Domain-Wide Delegation:

    • Navigate to the "Actions" column and click on "Manage details".
    • Click on "Advanced Settings"
    • Copy the "Client ID:" number and click on the "View Google Workspace Admin Console" button.

  2. Configure API Access:

    • Open the Admin console.
    • Navigate to "Security" > "Access and data control" > "API Controls".
    • Click "Manage domain wide delegation".

  3. Add New API Client:

    • Click "Add new" under "API clients".
    • Enter the Unique ID from the Service account details page.

    • For OAuth scopes, copy and paste the following:

       
      https://mail.google.com/,
      https://www.googleapis.com/auth/gmail.modify,
      https://www.googleapis.com/auth/gmail.readonly,
      https://www.googleapis.com/auth/gmail.labels
       
    • Click "Authorize".

 

Step 3: Generate a JSON Key

  1. Navigate to Google Cloud Console:
  2. Access the Service Account:
    • Return to the "Service Accounts" page.
    • Click on the newly created service account.
    • Ensure the Service account status is set to "Enabled".
  3. Create a Key:
    • Navigate to the "Keys" section.
    • Click "Add Key" and select "Create new key".
    • Choose "JSON" as the key type and click "Create".
    • Save the JSON file securely as it contains the credentials for the service account.
  1. Upload the JSON File to Dune Platform

    • Send the JSON file you generated to your Account Manager at Dune Security. This is necessary to complete DMI setup.



      Note: Regarding rotating keys, please contact the Solutions Engineering team when credentials expire.

Step 3: Set Up Domain-Wide Delegation

  1. Access Domain-Wide Delegation:
    • Go to the "Details" tab of your service account.
    • Click on "Advanced Settings" and then "Learn more about domain-wide delegation".
  2. Configure API Access:
    • Open the Admin console.
    • Navigate to "Security" > "Access and data control" > "API Controls".
    • Click "Manage domain wide delegation".
  3. Add New API Client:
    • Click "Add new" under "API clients".
    • Enter the Unique ID from the Service account details page.

    • For OAuth scopes, copy and paste the following:

       
      https://mail.google.com/,
      https://www.googleapis.com/auth/gmail.modify,
      https://www.googleapis.com/auth/gmail.readonly,
      https://www.googleapis.com/auth/gmail.labels
       
    • Click "Authorize".

Step 4: Enable Gmail API

You can confirm Gmail API is enabled with these steps:
  1. Access Google Cloud Console:
    • Open your web browser and navigate to the Google Cloud Console.
  2. Navigate to APIs & Services:
    • In the left-hand navigation panel, click on APIs & Services.
  3. Search for Gmail API:
    • In the APIs & Services dashboard, find the search bar at the top and type Gmail API.
  1. Enable the Gmail API:
    • Click on the Gmail API result from the search.
    • On the Gmail API page, click the Enable button.

 

Step 5: Finalize Configuration

  1. Verification:
  • Ensure all settings are saved and verified.
  • Conduct a test to confirm the configuration is working as expected.

Optional: SMTP Setup for Google Phishing Simulations

Direct Mail Injection is the recommended delivery method for Google phishing simulations. However, if your organization is unable to use DMI, Dune also supports SMTP-based delivery.

SMTP requires additional mail routing and allowlisting configuration in Google Workspace to ensure simulation emails are delivered successfully and are not blocked, filtered, or marked as spam by Google’s security controls.

To configure SMTP for Google phishing simulations, follow the setup guide here:

Setting Up Simple Mail Transfer Protocol (SMTP) for Google Phishing Simulations

Once SMTP configuration is complete, log in to the Dune platform and send a test simulation to confirm delivery.

Related articles

Comments

0 comments

Please sign in to leave a comment.