Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-custom-branding

Custom Branding

This feature is only available with a Sophos Email Portal Encryption add-on license.

You can customize the branding of your encryption portal and encrypted messages with your organization's logo and colors. You can also select administrators to grant access to the administration portal and configure sender and recipient features.

This ensures that all relevant sections of the encryption portal and encrypted messages reflect your corporate identity.

Custom branding includes several other features, such as personalizing notifications with your organization's address and contact information, turning on message recall, allowing recipients to log in using social connectors, and so on.

Apply for custom branding

If you have a Portal Encryption license, you can start filling out the form to apply for custom branding of your encryption portal and encrypted messages.

Show me how

To apply for custom branding, do as follows:

  1. Go to My Products > General Settings > Encryption Settings.
  2. Click Download Branding Guidelines, and review the guidelines before you proceed.

  3. On the right-hand side of the form, Account Name, Region, and Email Domains are automatically filled out and can't be modified.

    If you need to modify these settings, contact Sophos Support.

Continue to Brand encryption portal and messages.

Brand encryption portal and messages

First, you can apply your branding elements such as the portal name, logo, and colors.

  1. In Portal Name, enter a name for your encryption portal.

    Your portal name appears in encryption messages, notifications, and descriptions of the service.

  2. In Portal Logo, click Browse to upload your corporate logo file from your local computer.

    Note

    The maximum file size is 5 MB, and the file must be in JPEG, PNG, or GIF format. The file will be resized to 225 by 88 pixels to fit the required dimensions.

    Your corporate logo appears next to the portal name in the encryption messages and notifications.

  3. In Portal Colors, set the Background Color and Foreground Color using hexadecimal or RGB notation. For example, white is 0xFFFFFF or 255, 255, 255.

    Note

    The background color should match the background color of your website where your corporate logo is displayed. The foreground color is used for the service name and other titles.

Continue to Grant administrator access.

Grant administrator access

Next, you can grant administrator access through the following settings.

  1. In Administrators, select the users who'll perform administration tasks such as managing recipient accounts, which includes resetting a recipient's password if forgotten, running reports, and so on.

  2. Turn on Multi-factor Authentication.

    When you turn this setting on, users must authenticate using multi-factor authentication (MFA) through a time-based one-time password (TOTP) authentication app, such as Google Authenticator, Microsoft Authenticator, or Authy.

  3. In Time Zone, select the appropriate time zone for dates appearing in notification emails and the encryption portal.

  4. In System Email Address, select the email address to use as the "From" address on "no-reply" notifications, such as registration emails.

Continue to Customize recipient features.

Customize recipient features

Next, in Customize recipient features, you can customize recipient features, including security options and sign-in methods.

  1. Set the default languages for the activation email.

    We recommend that you select a limited number of languages to avoid making the message look suspicious. The languages chosen by the recipient will be used for all subsequent notifications.

  2. Turn on Reply All to allow your recipients to reply to all senders of portal-encrypted emails.

  3. Turn on 2-Step Verification via TOTP (Authenticator Apps) to require your recipients to use 2-step verification using authenticator apps for secure access to the encryption portal.

    You can leave this setting as Optional if you want the recipient to decide whether to use multi-factor authentication.

  4. Turn on Social Connector Sign-In to Secure Message web-portal to allow your recipients to log in using the following OAuth social connectors.

    • Facebook
    • Google
    • Windows Live
    • Office 365

  5. Turn on Passwordless Login to allow your recipients to log in securely using biometric authentication, such as fingerprint or Face ID.

    This setting works on most modern devices, including mobile devices, laptops, and other hardware that supports biometric authentication.

  6. Turn on Challenge Questions to require recipients to answer three challenge questions when they create a Secure Message portal account.

    These questions are later used for password recovery.

  7. Turn on Alternate Address to require recipients to provide an alternate email address when they create a Secure Message portal account.

    If they forget their password, a recovery message will be sent to their alternate address.

Continue to Customize sender features.

Customize sender features

Next, in Customize sender features, you can customize sender features, including how encrypted messages are delivered and managed.

  1. In Message Expiry Period, select a message expiration period from 1 to 30 days.

  2. Turn on Sender Notification to notify the sender when their messages are encrypted and delivered, collected, or expired.

    The notification email includes a link to the encryption portal which allows the sender to view the message status or recall the message.

  3. In Customize Message Template, add any additional text to appear as a footer on encrypted envelopes.

    It's recommended to include information on how recipients can get support if they experience issues accessing the encrypted messages.

Continue to Submit your provisioning form.

Submit your provisioning form

Complete your custom branding request and submit your provisioning form.

  1. (Optional) In Special Instructions, enter comments, feedback, or instructions that will be included in your custom branding provisioning request.

    We'll try our best to accommodate your instructions. If we can't accommodate them immediately, we'll note them as feedback for future enhancements.

  2. Click Submit.

  3. In the confirmation dialog, click Confirm.

    Warning

    After you submit the custom branding request, you can't modify it. If you need to change your request, contact Sophos support.

Your request for custom branding setup is submitted for provisioning. This process takes approximately seven business days. After provisioning is completed, the custom-branded encryption portal and encryption messages will be available for use.

You'll receive a notification email with a link and credentials to log in to the encryption portal and set up your account. The temporary password expires in one day, so make sure to complete your setup before it expires. If needed, you can generate a temporary password again by clicking Forgot Password in the administration portal.

After you complete the setup, you'll receive a confirmation email.

More resources

To learn more about custom branding, watch the following video: