Step 1: Create Google Workspace Add on project
-
Navigate to https://script.google.com/ and login as the domain super admin. Click New project.
-
Click Untitled project, rename the project Report potential phishing, and then click Rename.
-
Click the + sign next to Files and select Script.
-
Type Config as the file name and press Enter. The file list looks like this:
-
Click the Settings icon at the bottom of the navigation bar.
-
Select the Show "appscript.json" manifest file in editor checkbox.
-
Click the Code Editor icon in the navigation bar.
The appscript.json file appears in the file list like the example below:
-
Using the provided GmailAddOn.zip file, extract, copy, and paste the contents of each file into the corresponding files in the Apps Script editor.
-
Before
-
After
-
-
After the files are copied into and saved in the Apps Script editor, click Deploy and select New deployment.
-
Click the gear icon next to Select type and select Web app and Add-on.
-
Type Report potential phishing as the New description, select the Anyone within… option under Who has access, and then click Deploy.
-
After the deploy is complete, click Copy under the Deployment ID and paste the ID somewhere for use in a later step.
Note
Keep this tab open. You return to it in a later step
Step 2: Create Google Workspace Cloud project
-
Open a new browser tab and go to https://console.cloud.google.com/projectcreate, type Report potential phishing as the project name, and then click CREATE.
-
Click the top left menu icon, select APIs & Services, and then click Enabled APIs & services.
-
Search for Google Workspace Marketplace SDK.
-
Select Google Workspace Marketplace SDK from the search results.
-
Click ENABLE.
-
Click the App Configuration tab.
-
From the App Configuration tab, click The OAuth Consent Screen must be enabled for this project.
-
On the OAuth consent screen, select Internal and then click CREATE.
-
Complete the following fields, leaving the rest empty, and then click SAVE AND CONTINUE.
-
App name: Report potential phishing
-
User support email: type an email address for the security team/help desk where end users can direct general questions if they have any
-
Developer contact information: support@expel.io
-
-
On the Edit app registration page, click ADD OR REMOVE SCOPES.
-
In the Update selected scopes area that opens, copy the following scopes into the Manually add scopes field.
-
https://www.googleapis.com/auth/gmail.addons.execute
-
https://www.googleapis.com/auth/gmail.addons.current.message.readonly
-
https://www.googleapis.com/auth/gmail.send
-
-
Click ADD TO TABLE.
-
Verify that the 3 scopes are added to the table and are selected and click UPDATE.
-
The Edit app registration page appears, showing the 3 scopes. Scroll to the bottom of the page and click SAVE AND CONTINUE.
Step 3: Connect Google Workspace Cloud and Add on projects
-
Go to the App configuration page: https://console.cloud.google.com/apis/api/appsmarket-component.googleapis.com/googleapps_sdk and copy the App ID.
-
Go back to the Apps Script tab, or navigate to the Report potential phishing project at https://script.google.com and navigate to Project Settings, then click Change project at the bottom of the page.
-
Paste the copied App ID from Step 3.1 into the GCP Project Number field, and then click Set project.
-
Go back to the API & Services cloud console tab https://console.cloud.google.com/apis/api/appsmarket-component.googleapis.com/googleapps_sdk, select the Google Workspace Add-on checkbox and Deploy using Apps Script deployment id, then type the Deployment ID copied from Step 1.
-
Scroll to the OAuth Scopes section, click ADD SCOPE, and add the 3 scopes below. After complete, 5 scopes total should be listed, including the 2 defaults:
-
Select Admin Only Install for Installation Settings, select Private for App Visibility, and then click SAVE.
-
Scroll to Developer Links and type the following:
-
Developer Name: Expel
-
Developer Website URL: https://expel.io
-
Developer Email: support@expel.io
-
-
Select the Store Listing tab in the middle of the page. Click the down arrow next to English - under App Details.
-
Fill in the following App Details fields and then click DONE:
-
Application Name: Report potential phishing
-
Short Description: Report potential phishing emails
-
Detailed Description: Utility to help send potential phishing emails for triage
-
-
Fill in the following remaining fields and then click PUBLISH:
-
Category: Administration and Management
-
Graphic Assets (click BROWSE and upload image from zip file):
-
Application Icon 32x32: 32x32.png
-
Application Icon 128x128: 128x128.png
-
Application Card Banner: 128x128.png
-
-
Screenshot (click BROWSE and upload image from zip file): 80x80.png
-
Support Links:
-
Terms of Service URL: https://expel.io
-
Privacy Policy URL: https://expel.io
-
Support URL: https://support.expel.io
-
-
Distribution: click All Regions or select from the Regions list.
-
Step 4: Install add on to domain
-
Navigate to https://gsuite.google.com/marketplace/mydomainapps, click the Report potential phishing app, and then click Domain Install.
-
In the Domain wide install area, click CONTINUE.
-
On the OAuth Consent Screen, click the I agree checkbox, and then click ALLOW.
-
After complete, you see a success message. Click DONE.
-
The add-on becomes available to end users shortly. It can take as long as 24 hours for the deployment to take effect.