Symantec Web Email Protection (formerly known as PGP Web Messenger) Email Delivery Options not displayed for Symantec Encryption Management Server (SEMS, formerly known as PGP Universal Server).
After receiving a Web Email Protection Email invitation, when clicking the link to view the message to setup the passphrase and delivery preference, no Delivery Preference options are displayed.
This issue can appear on SEMS which was upgraded from PGP Universal Server 2.x to 3.x. If the PGP Universal Server 2.x was configured with the option Exclude non-matching users by default for the Internal Users:Default policy, SEMS 3.x also excludes external users that do not match the policy and places the user into the Excluded Users policy. This was typically done on PGP Universal Server 2.x when Internal Users needed to match a Custom Policy, and if the users did not match, they would be excluded. This logic carries over, but works differently on SEMS.
SEMS 3.x has grouping logic, in which users are grouped into a SEMS Group, and the Group is then associated to a Policy, or Consumer Policy. One of the groups is called "Everyone", in which all Internal and External Users belong. If the Everyone group is associated to the Excluded Consumer Policy, this will essentially eliminate all policy options for External Users, thus taking away all options for Web Email Protection.
Therefore, External Users placed in the Excluded policy do not have the option to change their Web Messenger delivery preferences. This issue can be resolved by creating a new SEMS Group and designate the External Users to use an appropriate policy for the Group.
If similar behavior from PGP Universal Server 2.x is desired with SEMS 3.x, it is recommended to create a Consumer Policy designated specifically for External Users, and an External Users Group. To create the Consumer Policy for External Users, click on Consumers, Consumer Policy, and click Add Policy, and give it a name such as "External Users". This will be used for the next steps in creating a group. Configure the External Users Web Email Protection policy as needed.
To create a new user Group and associate to the External Users Policy
- On SEMS, click Consumers > Groups.
- Click Add Group. The Group Settings: Add Group dialogue is displayed.
- In the Group Name, type a name for the group, such as External Users.
- Leave the checkmark next to Apply Consumer Policy to members of this group and select the External Users, Consumer Policy.
- Select the Membership tab.
- Place a checkmark next to Match Consumers by Domain, Dictionary, or Type.
- Click the down arrow and select External User.
- Click Save.
What this will do is associate all users who are not part of the Managed Domain list (under Consumers, Managed Domains, this is for Internal domains only), to be grouped into this External Users Group on SEMS, and will subsequently point to the External Users Consumer Policy. It will also have logic to map anyone else who is not part of a custom Group to be mapped to the Everyone Group, and subsequently to the Excluded Consumer Policy. In other words, if the user is not an External User, or is not part of a custom Group, the users will become excluded.
WARNING: Do not place external domains in the Managed Domains list, this is strictly for internal domains.
Once the External Users are members of a valid group and policy, the delivery options are displayed when logging into the Web Email Protection accounts.
This issue can also be caused if the Everyone group is not associated with a Consumer Policy. By default, the Everyone group is assigned the Default policy but it is possible to change this setting so that the Everyone group is not associated with any policy. To resolve this, simply associate the Everyone group to a policy:
- Navigate to Consumers, Groups.
- Click on the Everyone group.
- Click on the Group Settings... button.
- Enable the Apply Consumer Policy to members of this group option.
- Select a policy from the drop down list.
NOTE: If an External Users policy and External Users Group was created, then the Everyone Group can still point to the Excluded Group and still have Web Email Protection Settings. If the External Users policy and External Users Group was not created, please ensure the Everyone Group is associated to a Consumer Policy, other than Excluded. Re-evaluation of Internal User policy may need to be done if going with this option, as this will mean Internal Users on SEMS who don't match a specific custom Consumer Policy Group, will be set to the Everyone group, and will have policy applied accordingly.