Skip to main content

Email Security Setup - Auto-Remediation Settings (Google Workspace)

Configure Adaptive Email Security's remediation engine and its automated actions in your Google Workspace account

Follow the instructions below to enable and configure the Adaptive Email Security remediation engine for your organization's Google Workspace. The remediation engine lets you decide what Adaptive does with malicious emails automatically, based on how confident the detection is.

⚠️ To complete the following steps, you must be a Google Workspace Super Admin.

Step 1 — Grant remediation permissions

Remediation requires write access to Gmail (the gmail.modify scope) via domain-wide delegation. If you've already granted read-write access, skip to Step 2. Complete this step only if you previously connected Adaptive with read-only permissions.

  1. Go to Workspace > Integrations.

  2. If you previously granted only read-only permissions, re-authorize the integration by clicking Manage > Actions > Re-authorize.

  3. Click Next in the "Google Email Security" integration tile.

  4. Follow the steps in the pop-up window:

    1. Enter the email associated with your organization's Google Workspace Super Admin account.

    2. Navigate to admin.google.com.

    3. In the Google Workspace Admin console, go to Security → Access and data control → API Controls, and select the API Controls section.

    4. Scroll to the Domain wide delegation section and click Manage Domain Wide Delegation.

    5. Click Add new.

    6. In the Client ID field, enter: 110246164751410555484

    7. In the OAuth Scopes field, enter the following (comma-separated). The gmail.modify scope is what allows Adaptive to remediate malicious emails:
      https://www.googleapis.com/auth/admin.directory.user.readonly,https://www.googleapis.com/auth/gmail.readonly,https://www.googleapis.com/auth/gmail.modify

  5. Back in Adaptive, click Create Integration to verify the integration was successful.

Step 2 — Turn on Email Event Remediation

  1. Navigate to Settings > Email Security.

  2. Toggle on Email Event Remediation.

  3. While this toggle is off, Adaptive stays in read-only mode — it only monitors and scores reported threats and takes no action. Turn it on to configure automated actions.

Step 3 — Set your confidence threshold and actions

Each malicious event Adaptive detects is given a confidence score from 0–100, reflecting how confident Adaptive is that the email is a genuine threat. You decide what happens above and below a threshold you choose.

  1. In the Confidence Threshold Rules card, click Configure.

  2. Set the Confidence Score Threshold (default: 70). Use Restore Default to return to 70 at any time.

  3. Choose the remediation action for emails that score below the threshold (for example, Leave in inbox; flag for admin review).

  4. Choose the remediation action for emails that score at or above the threshold (for example, Remove email from all inboxes and send to trash).

  5. Click Save.

Available remediation action options:

  • Leave in inbox, no action — Adaptive scores the email but takes no action; the message stays in the recipient's mailbox.

  • Leave in inbox; flag for admin review — The email stays in the mailbox but is flagged for an admin to review and action manually.

  • Move email to spam — Adaptive moves the email to the recipient's spam folder.

  • Remove email from all inboxes and send to trash — Adaptive removes the email from every affected inbox and sends it to trash.

A typical setup leaves lower-confidence detections in the inbox and flags them for an admin to review, while automatically removing higher-confidence threats. Adjust the threshold up to act automatically on fewer, more certain detections, or down to act on more.

Step 4 — Decide on Auto-remediate similar messages

The Auto-remediate similar messages toggle extends an automatic remediation to closely related messages.

  • When on, if an email is automatically remediated, Adaptive applies the same action to similar messages (same sender/subject) detected within a rolling 72-hour window.

  • Leave it off if you want each message remediated individually.

Step 5 — Set-up Admin Digest Notifications

Once remediation is configured, you can set-up admin digest notifications to be sent to you via Email and/or via Slack / Teams to inform you of auto-remediation updates, as well as items flagged for Admin Review that require your attention.

Note that notifications are set up per admin, so each member of your team will have the option to set up notifications at their preferred frequency and via their preferred channel.

To configure:

  1. Navigate to Settings > Personal Settings

  2. Under Activity Notifications, navigate to Email Security Report

  3. Set the preferred frequency of notification via the drop-down.

  4. And, toggle on your preferred channel(s) of notification (email, Slack/Teams, or both)

  5. You will start to receive a digest notification per your specified frequency.

Questions?

Reach out to [email protected]

Did this answer your question?