This article describes how to configure and install the SMARTFENSE phishing report button for Google Workspace – Gmail, including installation from the Marketplace and validation of corporate domains via DNS.
Prerequisite: regardless of the email client used, you must validate your corporate domains in SMARTFENSE for the button to work correctly. This step is mandatory and must be completed in parallel with the installation.
Please refer to the domain validation guide: How to validate a domain in SMARTFENSE
Button Installation
To start the configuration, go to Settings > Simulations > Phishing Report Button and fill in the requested information following the instructions.
1. Configuration Data
In this section, you must enter the email address(es) of the people who will receive reports of external emails reported (emails that are not part of a simulation).
If you want to add more than one email, separate them with commas, no spaces.
The accounts configured as recipients will receive the reports from the user who submits the report.
2. Installation Data
Select the email client: Gmail.
For direct access, click Go to marketplace and continue with the installation steps in the guide.
3. Save
Once the process is complete, click Save to apply the configuration.
Button Installation from Marketplace
Step 1: Access the Marketplace
Go to the following URL of the Google Workspace Marketplace:
https://workspace.google.com/marketplace/app/phishing_report_button/402430844920
Then, click Admin install to start centralized installation.
Step 2: Installation Confirmation
On the next screen, click Continue to proceed with the process.
Step 3: Consent
Review the consent screen with the permissions required by the extension and click Finish to confirm.
Step 4: Successful Installation
The system will display a message indicating that the installation was successful.
From this moment, the button will begin rolling out to users in the domain.
| Note: the time for the button to be available to all users may vary depending on Google Workspace policies and the number of accounts in the domain. |
💡 Best Practices
Perform the installation from the Marketplace with a Google Workspace administrator account.
Validate all corporate domains before communicating the button’s use to users.
Centralize reports to institutional emails of the security team.
Inform users that deployment may take time and perform a test report to confirm functionality.