Mail configuration - Gmail Follow
The ServiceManager uses your email settings for several purposes:
- Monitoring Agents: sends email when Test Agent's result is set to have email notification.
- RPA: email triggers fire RPAs when email is received.
This article describes how to set up a Gmail account in the ServiceManager
You may choose and use any of the 3 authentication methods bellow:
1) Gmail accounts - via OAuth2
Service account
For the ServiceManager to authenticate via OAuth, you need a service account - which is an account that belongs to an application instead of to an individual end user.
You must set up your Service Account from a G-Suite account
One critical step you must complete when trying to authenticate a Google service account using OAuth2, is that you must sign up for Google's paid service "G-Suite". This enables you to delegate domain-wide authority to the service account to send emails attached to a domain you've verified with Google.
Service accounts only work with G-Suite because you have to be able to preauthorize the service account and grant it access to the users account. There is no way to preauthorize a normal user Gmail account, and therefore there is no way to use service account authentication with a normal Gmail account.
Creating a Google service account
https://developers.google.com/identity/protocols/oauth2/service-account
First, create a service account:
-
Open the Service accounts page (you must login the above page via your G-Suite account):
https://console.developers.google.com/iam-admin/serviceaccounts . -
Select a project, or create a new one.
-
Create service account.
-
Under Service account details, type a name, ID, and description for the service account, then click Create and continue. (e.g. name = admin)
-
Under Grant this service account access to project, select role = owner.
-
Click Continue.
-
Click Done.
-
Click add Create key, then click Create.
Next, create a service account key:
-
Click the email address for the service account you created.
-
Click the Keys tab.
-
In the Add key drop-down list, select Create new key.
-
Click Create.
Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one.
Delegate domain-wide authority to your service account
This step must be performed by a G-Suite administrator.
To access user data on a Google Workspace domain, the service account that you created needs to be granted access by a super administrator for the domain. For more information about domain-wide delegation, see Control Google Workspace API access with domain-wide delegation.
To delegate domain-wide authority to a service account:
-
From your Google Workspace domain’s Admin console (http://admin.google.com), go to Main menu menu > Security > Access and data control > API controls.
-
In the Domain wide delegation pane, select Manage Domain Wide Delegation.
-
Click Add new.
-
In the Client ID field, enter the client ID obtained from the service account creation steps above.
-
In the OAuth Scopes field, enter a comma-delimited list of the scopes required for your application: https://mail.google.com/
-
Click Authorize.
Enable Gmail API
- Open APIs & Services: https://console.cloud.google.com/apis
- Click Enable APIs and Services.
- Search for "Gmail API" and enable it.
Configure mail settings in your ServiceManager
Open your ServiceManager > Admin > Mail.
Enter either or both:
- imap.gmail.com , port 993 - for reading/listening for emails.
- smtp.gmail.com, port 465 - for sending emails.
SSL must be used with Gmail.
Select Authentication = OAuth2 GoogleCredential, and enter:
- Username = Your G-Suite admin account (NOT Service Account).
- Key file: select the json key file you downloaded (it must be loaded from local_folder/config).
Test your settings, and then save.
2) Gmail accounts - via App Password
- Go to https://myaccount.google.com/security and sign in with your Gmail credentials.
- In the "Signing in to Google" section, enable the 2-Step Verification.
- After enabling 2-Step Verification, return to "Signing in to Google" section
- Click on App passwords
- Select app=Mail and select device=Other , name it "ServiceManager-Dev".
- Done! Copy the app-password provided by Google and use it with your username in the ServiceManager in Admin > Mail.
Use TLS port 587 OR SSL port 465 as in the screenshot bellow.
3) Gmail accounts - via Basic Authentication
Works only until May 30, 2022 for personal accounts. Still works with G-Suite accounts.
Using Gmail account as your mail server requires to configure gmail access for external apps.
1. Navigate to: "https://myaccount.google.com/lesssecureapps?pli=1" and turn on "Access for less secure apps".
2. Use TLS port 587 OR SSL port 465:
3. If Gmail still denies access, try to open https://www.google.com/accounts/DisplayUnlockCaptcha in your browser, and then try again.
Comments
0 comments
Please sign in to leave a comment.