Gmail Report Phishing button set up

Navigate to https://script.google.com/ and login as the domain super admin. Click New project.

Click Untitled project, rename the project Report potential phishing, and then click Rename.

Click the + sign next to Files and select Script.

Type Config as the file name and press Enter. The file list looks like this:

Click the Settings icon at the bottom of the navigation bar.

Select the Show "appscript.json" manifest file in editor checkbox.

Click the Code Editor icon in the navigation bar.

The appscript.json file appears in the file list like the example below:

Using the provided GmailAddOn.zip file, extract, copy, and paste the contents of each file into the corresponding files in the Apps Script editor.

After the files are copied into and saved in the Apps Script editor, click Deploy and select New deployment.

Click the gear icon next to Select type and select Web app and Add-on.

Type Report potential phishing as the New description, select the Anyone within… option under Who has access, and then click Deploy.

After the deploy is complete, click Copy under the Deployment ID and paste the ID somewhere for use in a later step.

Open a new browser tab and go to https://console.cloud.google.com/projectcreate, type Report potential phishing as the project name, and then click CREATE.

Click the top left menu icon, select APIs & Services, and then click Enabled APIs & services.

Search for Google Workspace Marketplace SDK.

Select Google Workspace Marketplace SDK from the search results.

Click ENABLE.

Click the App Configuration tab.

From the App Configuration tab, click The OAuth Consent Screen must be enabled for this project.

On the OAuth consent screen, select Internal and then click CREATE.

Complete the following fields, leaving the rest empty, and then click SAVE AND CONTINUE.

On the Edit app registration page, click ADD OR REMOVE SCOPES.

In the Update selected scopes area that opens, copy the following scopes into the Manually add scopes field.

Click ADD TO TABLE.

Verify that the 3 scopes are added to the table and are selected and click UPDATE.

The Edit app registration page appears, showing the 3 scopes. Scroll to the bottom of the page and click SAVE AND CONTINUE.

Go to the App configuration page: https://console.cloud.google.com/apis/api/appsmarket-component.googleapis.com/googleapps_sdk and copy the App ID.

Go back to the Apps Script tab, or navigate to the Report potential phishing project at https://script.google.com and navigate to Project Settings, then click Change project at the bottom of the page.

Paste the copied App ID from Step 3.1 into the GCP Project Number field, and then click Set project.

Go back to the API & Services cloud console tab https://console.cloud.google.com/apis/api/appsmarket-component.googleapis.com/googleapps_sdk, select the Google Workspace Add-on checkbox and Deploy using Apps Script deployment id, then type the Deployment ID copied from Step 1.

Scroll to the OAuth Scopes section, click ADD SCOPE, and add the 3 scopes below. After complete, 5 scopes total should be listed, including the 2 defaults:

Select Admin Only Install for Installation Settings, select Private for App Visibility, and then click SAVE.

Scroll to Developer Links and type the following:

Select the Store Listing tab in the middle of the page. Click the down arrow next to English - under App Details.

Fill in the following App Details fields and then click DONE:

Fill in the following remaining fields and then click PUBLISH:

Navigate to https://gsuite.google.com/marketplace/mydomainapps, click the Report potential phishing app, and then click Domain Install.

In the Domain wide install area, click CONTINUE.

On the OAuth Consent Screen, click the I agree checkbox, and then click ALLOW.

After complete, you see a success message. Click DONE.

The add-on becomes available to end users shortly. It can take as long as 24 hours for the deployment to take effect.