Edit

Connect Gmail accounts by using OAuth 2.0

  • Article

Follow the steps in this article to set up server-side synchronization to send and receive email in customer engagement apps (such as Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Marketing, Dynamics 365 Field Service, and Dynamics 365 Project Service Automation) from Gmail accounts by using OAuth 2.0 as the authorization mechanism.

Note

The Gmail OAuth email server profile works for up to 100 users. Create multiple OAuth profiles (steps 1 through 4) if you want to associate the same profile with multiple users.

Step 1. Enable IMAP or POP in Gmail

Note

These steps should be done by the system administrator.

For IMAP, follow the steps in Check Gmail through other email platforms.

For POP, follow the steps in Read Gmail messages on other email clients using POP.

Step 2. Create a project

Note

These steps should be done by the system administrator.

Using a Google account (this can be the same one you'll use to send and retrieve email, or a different one), go to the Google Developers Console and create a new project.

Follow the steps for Create a project in Create, shut down, and restore projects.

Note

These steps should be done by the system administrator.

  1. Select OAuth consent screen, and then select the user type:

    • Select Internal if you're using a GSuite admin tenant and will be creating the app exclusively for your organization.
    • Select External if you're testing by using a standalone Gmail account.

    Screenshot of the OAuth consent screen.

  2. Select Create.

  3. Under Application name, enter the application name. Under Authorized domains, enter your environment's top private domain name (for example, dynamics.com). Select Save.

    Screenshot of entering application name and domain.

  4. Select Credentials > Create credentials.

    Screenshot of the Create credentials command.

  5. Select OAuth client ID.

  6. Select Configure consent screen.

  7. Enter the following settings:

    Setting Use
    Application type Web application
    Name The name of your web client
    Authorized JavaScript origins Your environment's URL (for example, https://contoso.crm.dynamics.com)
    Authorized redirect URIs Your environment's URL with /_grid/cmds/dlg_gmailoauth.aspx appended to it (for example, https://contoso.crm.dynamics.com/_grid/cmds/dlg_gmailoauth.aspx)

    Screenshot of creating the OAuth client ID.

  8. Select Create. In the screen that appears, make note of the client ID and client secret. You'll use this data in the next step.

Step 4. Create an email server profile

  1. In the Power Platform admin center, select an environment.

  2. On the command bar, select Settings > Email > Server profiles.

    Screenshot of email server profile settings.

  3. On the command bar, select New server profile.

    Screenshot of creating a new server profile.

  4. For Email Server Type, select Gmail, and then specify a meaningful Name for the profile.

    Screenshot of creating a new server profile for Gmail.

  5. If you want to use this server profile as the default profile for new mailboxes, turn on Set as default profile for new mailboxes.

  6. For Authentication Type, select Gmail OAuth.

  7. For Client id and Client Secret, enter the information you noted in step 8 of the previous procedure.

    Note

    The Locations and ports fields are automatically populated.

    Screenshot of creating a new server profile for Gmail using Oauth.

  8. Expand Advanced, and then use the tooltips to choose your email processing options.

  9. When you're done, select Save.

Step 5. Configure the mailbox

Note

These steps should be done by the mailbox user.

  1. In the web app, go to Settings (Settings.) > Advanced Settings.

  2. Select Settings > Administration.

  3. Select Settings > Email configuration > Mailboxes.

  4. Select the mailbox for the user configured in previous steps.

  5. Use the following settings:

    Setting Use
    Server profile The profile created in step 4
    Incoming email Server-Side Synchronization or Email Router
    Outgoing email Server-Side Synchronization or Email Router

    Screenshot of OAuth mailbox information.

  6. Select Save.

  7. Select Signin to Gmail.

  8. Proceed through the Gmail sign-in and authorization pages.

Step 6. Add test users

In the Google Cloud Platform (Developer Console), add users in the Test Users section when publishing the app. More information: Google Cloud Platform Console Help

Screenshot of adding test users.

Step 7. Test and enable

Note

These steps should be done by the mailbox user.

Select Test & Enable Mailbox to test the mailbox configured in step 6.

Screenshot of the Test & Enable Mailbox command.