License Type: Advanced Managed Email Security
Important
The steps below are specifically for the license type Advanced Managed Email Security. The Advanced Managed Email Security license offers content-based encryption, where a policy or policies are enabled on the customer account and user emails are then automatically assessed for specific content and encrypted if policy content is found. The license type also supports setting up keywords where the end user can force an email for encryption by adding the keyword to an email subject.
If you have the license type Managed Email Security, go to License Type: Managed Email Security.
For a customer to use EncryptTitan, a number of settings must be configured on the EncryptTitan portal, on the mail server, and on the customer domain.
The main steps for setting up a customer account are listed here, and should be carried out in order. Select the links to jump to more specific details for each one.
Setting up your customer account:
Add the domain.
To send encrypted emails, you'll need to add your customer domain. Go to Configurations > Domain setup and select Add domain. See Add Domain in Domain Setup for more details.
Enable the required encryption delivery methods and content-inspection policies.
Note
To enable content inspection, you will need to enable encryption delivery method(s) as explained in Step a below. You'll also need to enable one or more content encryption policies that will be used for content assessment of your emails, as described in Step b.
Set up the email encryption delivery methods required for this customer by going to Configurations > Email Security. The following three delivery methods can be used:
Secure Delivery Method 01: TLS. See Sending Emails with TLS Protocol.
Secure Delivery Method 02: No Registration Required (NRR). See Enabling OTP on Email IDs.
Secure Delivery Method 03: Registration Required (RR). See Ensuring Email ID Registration with EncryptTitan.
You also have the option to set up keywords for enabled delivery methods that will allow users to send encrypted emails. You can do this when you enable the delivery method(s) required.
Enable the policies for content inspection and optionally add a keyword to bypass content inspection by going to Configurations > Email Security > Content Inspection with Automated Encryption.
Update your SPF and DKIM entries.
Set up SPF and DKIM on each domain that has been added to EncryptTitan. See Setting Up SPF and DKIM for more details.
After carrying out the SPF and DKIM setup on each domain, you'll need to verify the setup on the EncryptTitan portal by going to Configurations > Domain setup. Select the checkbox beside the domain you want to verify, and select Verify domain. Then select Verify in the popup window. The table should then show SPF and DKIM status Verified.
Configure your Mail Server.
Capture the mail server setup details by going to Configurations > Domain setup and selecting Outbound servers. Select your corporate mail server type from the dropdown menu. See Outbound Server in Domain Setup.
Next, you'll need to configure the platform you use to send outbound email through the EncryptTitan encryption gateway. Select from the instructions below:
Add your EncryptTitan end users (Identities).
Add Identities to the system which are the end users who will send secure emails. Go to Configurations > Identities and see Adding Identities for details.
Set your Service Identity.
Setting up a service identity and assigning it during email security setup ensures that users in your domain can successfully send encrypted emails. This is a mandatory step if you want users on the domain to be able to send emails for encryption, even when they have not completed their account setup or if they have not yet been added as an identity.
Go to Configurations > Identities and select the end user (identity) to set up as a service account.
Select the checkbox and select Service identity. You can select select either Service account or Additional administrative privileges. See Editing Identities for further details.
Note
If your spam filter has display name spoofing detection enabled, then it is recommended that you do not use a user alias for the service identity email address. This is because it may result in a display name false positive. It is recommended that a noreply, support, or admin alias be used, because these are unlikely to trigger a display name false positive.
After assigning an identity as a service identity, go to Configurations > Email Security. In the General section, select the email of the service identity from the Service identity username dropdown menu, and select Update.