GSuite email: setup without less secure apps

Dylan-W · 16 December 2019 19:49

Hi, we’re using SuiteCRM with GSuite as our email provider, as I’m sure lots of others are as well. We do this by connecting via IMAP with password based authentication, allowing “less secure apps” and permitting IMAP access in the GSuite settings.

Today Google announced that they are phasing out less secure apps access to Gsuite. Password based access will no longer be supported and instead any apps using Gmail will need to log in through OAuth. We won’t be able to add any new email users to Suite by June 15, 2020.

Since our email through Suite will eventually stop working unless we do something, we might not want to wait until next June. It would probably be better to connect using more secure methods anyways.

Anyone have a current recommended setup with SuiteCRM using Oauth to access Gmail rather than IMAP/ app password? Should we be looking at third party connectors? Or just wait a bit for an update to Suite? We are on 7.11.10.
Thanks,

-Dylan.

pgr · 17 December 2019 10:53

Hey Dylan!

Thanks for pointing this out, I wasn’t aware of it.

Could you please open a new Issue on GitHub explaining this change in GSuite, so we can try to schedule in some time to prepare for it? Thanks!

sfdan · 27 January 2020 18:06

I have posted this issue to github: https://github.com/salesagility/SuiteCRM/issues/8491

Ward · 29 August 2020 14:05

Any updates on a fix for this?

KimHarding · 12 November 2020 14:57

Is there any progress on this? Currently, I am unable to connect to email

Ward · 8 January 2021 02:37

I am paying a developer to create an ‘app’ to send out via Gmail, once it’s approved and working, hopefully within a week or two, I’ll try to remember to share the info here and donate the relevant code to the Community.

pgr · 8 January 2021 10:17

It seems that Google cancelled the deprecation of these “less secure apps”.

However, we should still make SuiteCRM compatibly with the new, more secure scheme.

As far as I can tell it should be just a matter of storing an extra bit of data (OAuth token) and being able to present it to Google when connecting. There’s probably some work to be done around the flow of the email settings - taking users to the Google sign-in page and getting the token back from that automatically.

pstevens · 12 January 2021 22:25

I’ve had success with gmail and using App Passwords instead of less secure apps. I haven’t tried for Gsuite. You can find more info here.

https://support.google.com/accounts/answer/185833?hl=en

robert_sinclair · 13 January 2021 06:20

Just some general pointers about how we did it

In Google API interface created a service account
In Workspace (formerly G suite) enabled domain wide authority for the above
Modified the core functionality that sends out emails so it sends emails using API calls (currently WIP)

Instead of Service Accounts you can also go the more traditional OAUTH 2 way which involves having each user grant access to the app through a consent screen, but with service account it’s easier because you don’t need to request permissions and token refresh is more reliable

Once we finish with the core modification I’d love to share the code also.

Ward · 24 March 2022 19:29

Thanks for sharing Robert - curious to know how this API/domain auth approach is working for you?

1reason · 1 April 2022 15:53

Just following and wondering if a solution is at hand. I am not able to get past authentication errors (gmail via workspace/G suite) states email/password combination is not valid (when of course it is). I am using Vultr hosting as the staging server

robert_sinclair · 1 June 2022 16:02

i would try enabling “less secure apps” may for that user? sometimes it helps

vijay1992 · 2 June 2022 05:54

Hi,
please look at this: Simple Steps to Configure Inbound Email Settings in SuiteCRM

Watch Video: How to Bypass 2 step verification for Third-Party Apps using App Password - YouTube