Secure Email Gateway is a component of Workspace ONE UEM that helps protect your mail infrastructure and enables Mobile Email Management (MEM) functionality.

Prerequisites

You must configure the Secure Email Gateway using the Workspace ONE UEM console before you can configure Secure Email Gateway on Unified Access Gateway. After configuring the node, note down the Secure Email Gateway Configuration GUID, which is automatically generated. For more information, see Secure Email Gateway documentation.
Note: The acronym SEG is also used to refer to Secure Email Gateway.
Note:
  • Secure Email Gateway is supported by all the Unified Endpoint Management (UEM) versions.
  • Secure Email Gateway is configured to follow the Syslog configurations which is configured as part of Unified Access Gateway System Settings. By default only the contents of app.log in Secure Email Gateway will be triggered as Syslog events. For more information, see Unified Access Gateway System Settings.

Procedure

  1. Navigate to General Settings > Edge Service Settings > Secure Email Gateway Settings and click the gearbox icon.
  2. Select YES to enable Secure Email Gateway settings.
  3. Configure the following settings.
    Option Default Value and Description
    API Server URL The Workspace ONE UEM API Server URL [http[s]://]hostname[:port]

    The destination URL must contain the protocol, host name or IP address, and port number. For example: https://load-balancer.example.com:8443

    Unified Access Gateway pulls Secure Email Gateway configuration from API server.

    API Server Username User name to log into the API server.
    Note: It is required that the admin account have, at a minimum, the permissions associated with the Secure Email Gateway role.
    API Server Password Password to log into the API server.
    Secure Email Gateway Server Hostname Host name used to configure edge settings.
    MEM Configuration GUID Workspace ONE UEM Mobile Email Management configuration ID. This ID is automatically generated when the Mobile Email Management is configured on the Workspace ONE UEM console console. The Configuration GUID is displayed on the Mobile Email Management configuration page on the UEM console.
    Add SSL Certificate

    Toggle to add the SSL Certificate if the option to locally upload SSL certificate is enabled under Email Settings in UEM Console.

    SSL Certificate Click Select to upload a .PFX or .P12 certificate file.
    Note: You can also upload the SSL Certificate in the Workspace ONE UEM console.

    When the certificate is uploaded locally, the thumbprint of the certificate is displayed on the Admin GUI.

    Password Enter the password for the SSL certificate.
    Outbound Proxy Host The host where the outbound proxy is installed. Unified Access Gateway makes a connection to API Server through an outbound proxy if configured.
    Outbound Proxy Port Port of the outbound proxy.
    Outbound Proxy Username User name to log into the outbound proxy.
    Outbound Proxy Password Password to log into the outbound proxy.
    Trusted Certificates
    • To select a certificate in PEM format and add to the trust store, click +.
    • To provide a different name, edit the alias text box.

      By default, the alias name is the filename of the PEM certificate.

    • To remove a certificate from the trust store, click -.
    Note: Trusted Certificate filename must not contain spaces.
    Host Entries Enter the details to be added in /etc/hosts file. Each entry should include an IP, a hostname, and an optional hostname alias in that order, separated by a space. For example, 10.192.168.1 example1.com, 10.192.168.2 example2.com example-alias. Click '+' to add multiple host entries.
    Note: The host entries are saved only after you click Save.
  4. Click Save.