Overview
Opensense integrates with Google Workspace through Gmail's Content Compliance engine and the Gmail API. This allows Opensense to manage email signatures centrally, enforcing brand consistency, compliance requirements, and marketing campaigns across outbound email. Depending on your deployment method, signatures can be applied server-side after send, pushed into Gmail native signature settings, or both together.
How the integration works
Opensense connects to Google Workspace through two components that work together depending on your deployment method:
Content Compliance rules in Google Admin Console — route qualifying outbound emails from Gmail to Opensense. Opensense applies the correct HTML signature and any configured marketing banners, then returns the email to Gmail via TLS for final delivery. Required for stamping and plaintext block push deployments.
The Opensense Google Workspace Marketplace app — installed during the integration process. Grants Opensense permission to sync user data from Google Directory and, where applicable, push signatures directly into users' Gmail native signature settings. Opensense never accesses inbox contents. For a full list of permissions granted during installation, see Opensense Google Marketplace App Scope.
User data including name, title, phone, and department is sourced from Google Directory and synced to Opensense for dynamic signature population. The combination of components you use depends on your deployment method.
Google Workspace Architecture Diagram
Deployment methods
Opensense supports three deployment methods for Google Workspace. Methods can be used independently or in combination.
Stamping via Content Compliance
A Google Workspace Super Admin configures a Content Compliance rule to route qualifying outbound emails to Opensense. Opensense applies the full HTML signature and any banners post-send, then returns the email to Gmail for delivery. Works across all devices and email clients because it operates at the mail flow level. No compose visibility. Full compliance enforcement, recipient-based targeting, and advanced analytics.
Plaintext block push
The Opensense Pusher tool injects a plaintext signature block into each user's Gmail native signature settings. When the user sends, a Content Compliance rule routes the email to Opensense for server-side transformation into the full HTML signature. Gives users compose visibility while maintaining server-side control and the full marketing feature set. If the Pusher tool cannot reach a user's environment, the block can be delivered by email instead. For self-service scenarios where neither option applies, users can save the block themselves via MySig.
Visual preview push
The Pusher tool pushes the full rendered HTML signature into each user's Gmail native signature settings. Because the signature is already present client-side, no routing to Opensense is required at send time. Designed for organizations that cannot allow third-party mail flow for privacy or compliance reasons.
Unlike the Opensense Outlook Add-in, the Google visual push is not live in the compose window. The signature is a static push into Gmail settings. If the signature template changes or a user's directory data is updated, the signature in Gmail does not update automatically. A manual re-push by an admin is required, unless the Google Add-on is installed with auto-push enabled at the group level, in which case the user can trigger an update themselves by saving a field change in the add-on.
Stamping and plaintext block push are commonly used together. Stamping covers mobile devices and third-party clients that do not use Gmail's native compose, while the plaintext block push gives desktop Gmail users compose visibility.
The Opensense Google Add-on
The Opensense Google Add-on brings signature field management directly into Gmail. It is deployed centrally by a Google Workspace Super Administrator and appears automatically in the Gmail sidebar. No individual installation is required and there is no propagation delay.
Users can view their signature fields, edit any unlocked fields, and click Update Signature to save changes. Updates sync immediately to Opensense. When a user edits an unlocked field, the sync between that field and the original directory source (Google Directory, Okta, etc.) is intentionally broken for that field, preventing the user's input from being overwritten on the next automatic directory sync.
If auto-push is enabled for the user's group in Opensense, saving a field update automatically pushes the updated signature back to the user's Gmail native signature settings. The push type (plaintext block or visual preview) is configured per group. Without auto-push, signature updates require a manual re-push by an admin.
For full add-on documentation including auto-push configuration, field locks, Custom Compose Fields, and Signature Fields Only, see Opensense Google Add-on Overview.
Key integration dependencies
Google Workspace account — required for all users. Consumer Gmail accounts are not supported.
Super Admin access — required to configure Content Compliance rules and install the Opensense Google Workspace Marketplace app.
Opensense Google Workspace Marketplace app — installed during integration. Grants Opensense permission to sync Google Directory data and push signatures to Gmail settings. Requires the Gmail manage settings permission scope for push methods.
Content Compliance rule — required for stamping and plaintext block push methods. Configured in Google Admin Console to route qualifying emails to Opensense.
DNS records — SPF and other DNS entries must be updated for all sending domains to maintain deliverability.
For full integration setup requirements, see Google Workspace Integration Overview.