Google Workspaces (GMail)

The Gmail/GSuite SMTP servers have been extended to support authorization via the industry-standard OAuth 2.0 protocol (basic authentication is no longer an option). QMS now supports authenticating with a GMail SMTP server using OAuth. Follow these steps to configure your GMail SMTP service for integration with QMS.

 This service is not supported by the free personal Gmail service, you will require a paid Google Workspace account in order to create Google Service Accounts and access to the Google Admin Console.

 

Create a new Google Workspace Project

Open Google Developer Console, and create a new project (it does not matter what it is called):

Create the Service Account

After creating the project, expand the left-hand menu and click "API & Services" and then "Credentials".

Under the Service Accounts section, click Manage Service Accounts, then Create Service Account (it does not matter what it is called).

Click Create and Continue, then grant the service account the Role of Owner:

Click Done to create the service account. Make a note of the Client ID of the new account as you will need it later.

 

Enable Domain Wide Delegation

We must now grant the service account domain-wide delegation in your google workspace.

 Domain Wide Delegation grants the service account access to your user data without your users having to individually give consent or their passwords, so care needs to be taken with this privilege. In this case we ensure the scope is limited to the SMTP service.

Open Google Admin Console. Click on Security, then Access and Data Control, then API Controls and finally on Manage Domain Wide Delegation.

Click Add New, then enter the Client ID of your service account and give access to the https://mail.google.com scope.

 

Generate Private Key

Go back to your service account in the developer console (IAM & Admin, Service Accounts) and click on the service account to bring up the details page. Make a note of the Email address. You will need this later for the QMS configuration.

Then click on Keys, then Add Key. I recommend you use the JSON format. Creating a new key will download a JSON file to your machine. Don't lose this as you only get one chance to download the key, it cannot be recovered later. You will need the key later for the QMS Configuration.

 

QMS Configuration

Open your QMS administator website and navigate to Administration, General Settings. Under the Email Settings enter the following configuration:

  • Select SMTP OAuth Authentication

  • SMTP Server: smtp.gmail.com

  • SMTP Port: 587

  • OAuth Client ID: enter the Email address of your google service account

  • OAuth Client Secret: enter the private key of your google service account

  • To Email Address(es): enter the email addresses that you want the QMS emails to be sent to.

  • From Email Address: enter a user's email address from your google workspace that you want the QMS emails to appear to be sent from.

To obtain the private key from the downloaded JSON file, open the file in a text editor and copy the lines from "-----BEGIN PRIVATE KEY-----\n" to "\n-----END PRIVATE KEY-----\n" (including these lines).