KB Article #166967
Enroll Internal users as Enterprise in Secure Collaboration without a configured LDAP server
Problem
- MailGate does not have access to an LDAP server to retrieve the Internal user accounts
- You do not want to manually create and declare each internal user in MailGate
- Internal users should be automatically enrolled as Enterprise and have different Secure Collaboration settings than External users, for example to receive secure emails as 'Standard Plain Email'.
Background
Secure Collaboration (SC) enrollment is per recipient. An account is created for the recipient and is enrolled with an SC role upon receiving a secure email. If an inside user sends an email which gets routed via Secure Mailbox and he does not yet have a user account in MailGate (e.g. because no LDAP server is configured), MailGate will not create an account for the recipient and will not enroll him; the role in use will be Unregistered User. This is generally not the desired behavior, since the secure package will require no password to be opened and no enrollment process applies.
Solution
Two options are available:
1. Import Internal users from a plain text file (MailGate also provides an automatic user import feature)
2. Set External users to enroll Internal users on secure message replies
Option #1 'Import Internal users from a plain text file'
1. Create a new group, e.g. 'Internal', with the Enterprise Users role assigned to it
2. Import the Internal users and assign them to the 'Internal' group created above
3. Create a second group for External users, e.g. 'External', and enroll the members as 'Registered Users'
4. Set the Secure Collaboration Role settings for Enterprise and Registered Users as needed
5. Enroll External users into the 'External' group using the SM Redirect Policy and Delivery Profile.
Option #2 'Set External users to enroll Internal users on secure message replies'
You can enable External users to enroll Internal users into a group that has the Enterprise Role, with the 'Standard Plain Email' delivery method, assigned to it.
1. Create a group for External users, e.g. 'External', and assign the 'Registered Users' role to it
2. Create another group, 'Internal', and assign the 'Enterprise Role' to it (or a role that has 'Standard Plain Email' as its delivery method)
3. Enroll External users into the group named 'External' using the SM Redirect Policy and Delivery Profile
4. In the 'Registered Users' role, add enrollment to the 'Internal' group.
Internal users will receive secure replies as Standard Plain Email. They can also receive a registration link, but only if this is enabled in the group settings (Groups -> Internal -> Activation -> 'Enable Self-Registration').
IMPORTANT: Please note that External users will also be able to enroll other External users, who will then receive messages in plain text. To restrict External users to replying to Internal users only, use the 'Restrict Which Domains User Can Send to' option in the Registered Users role. However, this means that an External user cannot reply to both external and internal users in a secure message (unless the external domains are also listed).