Google CSE support for Google's end-to-end encrypted email
Caution
This feature is a technical preview for evaluation in non-production environments. A technical preview introduces new, limited functionality for customer feedback as we work on the feature. Details and functionality are subject to change. This includes API endpoints, UI elements, and CLI commands. We cannot guarantee that data created as part of a technical preview will be retained after the feature is finalized.
Google Workspace can use the Key ACL Service (KACLS) to encrypt and decrypt Gmail messages. To enable this client-side encryption, you must first complete the additional prerequisites for Gmail. You can skip the certificate preparation step.
Google's end-to-end encrypted email ("Send to anyone") offers a simpler alternative to CSE. It allows enterprise Gmail users to send end-to-end encrypted messages to any email address. Google's end-to-end encrypted email requires the Assured Control add-on.
Note
CipherTrust Manager versions 2.10 through 2.19 support the alpha and beta releases of Google's end-to-end encrypted email.
External recipients are granted guest accounts. These accounts:
Reside within a dedicated organizational unit (OU) or group.
Are fully owned by the customer's organization.
Must adhere to the customer's organization's policies.
Admin controls allow Gmail users to access their accounts.
Enable Send to anyone
To enable "Send to anyone" from the Google Admin console:
Open the Google Admin console.
Log on to the user domain as a super admin.
Navigate to Data > Compliance > Client-Side Encryption > Gmail.
Under Send to anyone, click the Edit icon.
Enable Allow users to send client-side encrypted messages to recipients who aren't using S/MIME.
Click Save.
Note
This feature is released by Google in three separate phases: Alpha, Beta, and General Availability (GA). Each phase represents a different level of maturity, stability, and support.
Alpha: The Alpha release doesn't support external and guest recipeints.
Beta: The Beta release will support external Gmail domains but not guests. Additionally, the Beta release will support the following.
Setting up a guest Identity Provider (IdP) for external recipients.
Sending emails to other Workspace domains (Gmail).
Sending emails to @gmail.com consumer accounts.
GA: GA will support guest recipients.
