GSuite email: setup without less secure apps

Hi, we’re using SuiteCRM with GSuite as our email provider, as I’m sure lots of others are as well. We do this by connecting via IMAP with password based authentication, allowing “less secure apps” and permitting IMAP access in the GSuite settings.

Today Google announced that they are phasing out less secure apps access to Gsuite. Password based access will no longer be supported and instead any apps using Gmail will need to log in through OAuth. We won’t be able to add any new email users to Suite by June 15, 2020.

Since our email through Suite will eventually stop working unless we do something, we might not want to wait until next June. It would probably be better to connect using more secure methods anyways.

Anyone have a current recommended setup with SuiteCRM using Oauth to access Gmail rather than IMAP/ app password? Should we be looking at third party connectors? Or just wait a bit for an update to Suite? We are on 7.11.10.
Thanks,

-Dylan.

2 Likes

Hey Dylan!

Thanks for pointing this out, I wasn’t aware of it.

Could you please open a new Issue on GitHub explaining this change in GSuite, so we can try to schedule in some time to prepare for it? Thanks!

I have posted this issue to github: https://github.com/salesagility/SuiteCRM/issues/8491

2 Likes

Any updates on a fix for this?

1 Like

Is there any progress on this? Currently, I am unable to connect to email

I am paying a developer to create an ‘app’ to send out via Gmail, once it’s approved and working, hopefully within a week or two, I’ll try to remember to share the info here and donate the relevant code to the Community. :innocent:

3 Likes

:heart:

It seems that Google cancelled the deprecation of these “less secure apps”.

However, we should still make SuiteCRM compatibly with the new, more secure scheme.

As far as I can tell it should be just a matter of storing an extra bit of data (OAuth token) and being able to present it to Google when connecting. There’s probably some work to be done around the flow of the email settings - taking users to the Google sign-in page and getting the token back from that automatically.

I’ve had success with gmail and using App Passwords instead of less secure apps. I haven’t tried for Gsuite. You can find more info here.

https://support.google.com/accounts/answer/185833?hl=en

Just some general pointers about how we did it

  • In Google API interface created a service account
  • In Workspace (formerly G suite) enabled domain wide authority for the above
  • Modified the core functionality that sends out emails so it sends emails using API calls (currently WIP)

Instead of Service Accounts you can also go the more traditional OAUTH 2 way which involves having each user grant access to the app through a consent screen, but with service account it’s easier because you don’t need to request permissions and token refresh is more reliable

Once we finish with the core modification I’d love to share the code also.

3 Likes