This feature is only available with G Suite Enterprise and G Suite Enterprise for Education.
This article answers questions about client support for hosted S/MIME and message signing and encryption.
Which clients support hosted S/MIME?
Hosted S/MIME is supported when sending email using Gmail clients from Google for web and mobile devices and other clients, such as IMAP. If you send a message using the other clients, Gmail will add the S/MIME certificate, sign the message and encrypt it if possible. You should not add the S/MIME certificate to the client itself since the S/MIME signature/encryption is hosted by Gmail.
Why are are some of my recipients getting messages with a 'smime.p7s' attachment?
If the recipient’s email client doesn't support S/MIME, the messages you send will include the certificate as a smime.p7s attachment. Gmail on web, Android and iOS, and Inbox will not show the S/MIME attachments.
Can I use hosted S/MIME with mailing lists?
If you send an email signed with S/MIME to a mailing list, such as Google Groups, the mailing list might break the signature by modifying the message (by adding a footer, for example), which would cause S/MIME verification to fail.
Why do some messages fail verification or decryption when accessing in Thunderbird?
You can configure Thunderbird to not download attachments larger than a given size. Since S/MIME data is stored as an attachment, if the S/MIME attachment is too large, this can prevent S/MIME processing.