Google Email Integration with OAuth 2.0
    • 20 Oct 2022
    • PDF

    Google Email Integration with OAuth 2.0

    • PDF

    Article summary

    You can set up email integration with the OAuth 2.0 protocol with Microsoft 365 or Google. The instructions below can be applied to incoming or outcoming email integration or both.

    EmailFormfilesOAuthServiceProvider2.jpg

    To set up outgoing/incoming email integration with the OAuth 2.0 protocol with Google

    1. From the Protocol drop-down, select OAuth 2.0.
    2. Select Google.
      EmailFormfilesOAuth2FormGoogle1.jpg
    3. Create a project in Google:
      1. Navigate to Google Cloud Platform Console. If you haven't used this Google Cloud Platform Console yet, agree to their terms and conditions.
      2. Click Select a project.
        EmailFormfilesGoogleSelectProject1.jpg
      3. Click New Project.
        EmailFormfilesGoogleNewProject1.jpg
      4. Enter a Project name, select an Organization and Location, and click Create.
    4. Add Gmail API and Google Calendar API scopes:
      1. From the Navigation menu, select APIs & Services > Library.
        EmailFormfilesGoogleLibrary1.jpg
      2. Search for "Gmail API"and select it from the search results.
      3. Click Enable.
        EmailFormfilesGoogleEnable1.jpg
      4. Search for "Google Calendar API" and select it from the search results.
      5. Click Enable.
    5. Create a service account
      1. From the side menu, click Credentials.
        EmailFormfilesGoogleCredentials1.jpg
      2. Click Create Credentials.
      3. Click Service Account.
        EmailFormfilesGoogleServiceAccount1.jpg
      4. Enter any name for your service account.
      5. Click Create.
        EmailFormfilesGoogleCreateServiceAccount1.jpg
    6. Set Owner access:
      1. In the 'Grant This Service Account Access to Project' step click within the Select a role field. 
      2. In the window that appears, select Project > Owner.
        EmailFormfilesGoogleOwner1.jpg
      3. Click Continue.
      4. Click Done.
    7. Edit the App registration:
      1. From the side menu, click OAuth consent screen.
        EmailFormfilesOAuthConsentScreen1.jpg
      2. Select Internal.
      3. Click Create.
        EmailFormfilesGoogleInternalCreate1.jpg
      4. Enter an application name (e.g. SysAid).
      5. Click in the User Supported Email field and select your email address.
      6. In the 'Developer Contact Information area enter the email address for the relevant developer,
      7. Click Save and Continue.
    8. Enter scope
      1. From the Scopes screen, click Add or Remove Scopes.
      2. Enter https://mail.google.com/.
      3. Select the option that appears in the drop-down.
        Note
        If the option you are searching for doesn't appear in the drop-down you may need to the enable the API on your account. Click the link for the Google API Library, search for the Gmail API and follow the instructions for enabling the API.
      4. Select the check box for Gmail API.
      5. Click Update.
      6. Repeat the Add Scope process and search for https://www.googleapis.com/auth/calendar to add the Google Calendar API.
      7. At the bottom of the Scopes screen, click Save and Continue.
    9. Review the Summary page, and click Back to Dashboard.
    10. Generate a JSON credentials file:
      1. From the main navigation menu, select IAM and Admin > Service Accounts.
      2. Click your new service account.
      3. Select the check box for Enable G-Suite Domain-wide Delegation.
        EmailFormfilesGoogleDomainWideDelegation1.jpg
      4. Click Add Key.
      5. Click Create new key.
        EmailFormfilesGoogleCreateNewKey1.jpg
      6. Select JSON.
      7. Click Create.
        EmailFormfilesGoogleJSONCreate1.jpg
      8. Save the downloaded JSON file to a location on your PC where you can access it later.
      9. Click Save.
    11. Configure the Google admin console:
      1. Navigate to the Google admin console (https://admin.google.com/):
      2. Click Security.
      3. Navigate to Access and data control > API Controls.
      4. Click  Manage Google Services.
        EmailFormfilesGoogleManageGoogleServices1.jpg
      5. Make sure Gmail and Calendar are marked as unrestricted.
        EmailFormfilesGoogleUnrestricted1.jpg
      6. Return to the Advanced Settings screen and select Manage Third-Party App Access.
        EmailFormfilesGoogleManage3rdParty1.jpg
      7. Click Configure new app.
      8. Select OAuth App Name Or Client ID.
        EmailFormfilesGoogleOAuthAppName1.jpg
      9. In the search box, enter the value of the 'client_id' parameter from your JSON file.
      10. Select the application you created.
        EmailFormfilesGoogleAppName1.jpg
      11. Select both Client ID check boxes and click Continue.
        EmailFormfilesGoogleClientIDSelect1.jpg
      12. Under App Access, select Trusted Can Access All Google Services.
      13. Click Configure.
        EmailFormfilesGoogleAppAccessConfigure1.jpg
      14. Return to the Advanced Settings screen and select Manage Domain Wide Delegation.
        EmailFormfilesGoogleManageDWD1.jpg
      15. Click Add New.
        EmailFormfilesGoogleAPIClientsAddNew1.jpg
      16. In client ID field enter value of the 'client_id' parameter from your JSON file.
      17. In the OAuth scopes field, enter https://mail.google.com/ and https://www.googleapis.com/auth/calendar.
      18. Click Authorize.
        EmailFormfilesGoogleClientIDAuthoirize1.jpg
    12. Enter the generated values in SysAid:
      1. Open the JSON file you generated.
      2. Copy the value of the "client_id" parameter.
      3. Paste the value into the Service Account field in SysAid.
      4. Copy the value of the "private_key" parameter.
      5. Paste the value into the Private Key field in SysAid.
    13. Follow the instructions in the relevant links below to fill out the rest of the email form. Be sure that the inbox that you set up for incoming email integration is dedicated specifically for incoming email integration with SysAid and not used for any other purposes.

    Related content
    Email list
    Required network access
    Email form
    Outgoing email
    Incoming email
    Microsoft 365 Email Integration with OAuth 2.0
    Email rules