Google Workspace IMAP Configuration

The email-to-ticket feature facilitates automatic ticket creation within the ITSM system directly from incoming emails through IMAP integration securely using OAuth. This enhancement will streamline response times, improve customer support workflows, and elevate the overall customer experience. 

This section outlines the IMAP configuration on the Google Workspace account.

Notes

  • The IMAP configuration has been tested and is compatible exclusively with Google Workspace. 
  • The Organization must have a valid Google Workspace account. 

Configure IMAP for Gmail 

To configure IMAP settings with a Gmail account, perform the following steps: 

  1. Open a Gmail Account with Google Workspace access. Navigate to Settings > See all settings. 
     
    Figure: Settings 
     
  2. Click Forwarding and POP/IMAP. 
     
    Figure: Forwarding and POP/IMAP 
     
  3. In the IMAP access section, select Enable IMAP. 
     
    Figure: Enable IMAP 
     
  4. Click Save Changes 


Configure OAuth 2.0 in Google Cloud to Access Gmail API 

OAuth 2.0 should be configured in Google Cloud to access the Gmail API as it ensures secure authorization, user consent, and token-based access. It adheres to industry standards for compliance and best practices. OAuth 2.0 allows granular access control and easy revocation of access. It reduces the risk as applications don’t need to store user credentials. This setup provides secure, authorized access to user data with minimal risk. 

To configure OAuth 2.0 the following configuration must be made:

  Create a Google Cloud Project 

To create a new Google Cloud Project, perform the following steps: 

  1. Navigate to Google Cloud Console - https://console.cloud.google.com/ 
     
  2. Click My First Project.  
     
    Figure: My first project 
     
  3. On the next page, click New Project. 
     
    Figure: New project 
     
  4. Enter the required details and click Create.  

    Figure: Create project 
     
  5. A notification is displayed after creating the project.  
     
    Figure: Notification


Enable the Gmail API 

To enable the Gmail API, perform the following steps: 

  1. From the notifications, select the created project. 
     
  2. Navigate to the left panel and click APIs and services. 
     
    Figure: APIs and services 
     
  3. On the next page, click Enable APIs and Services.  
     
    Figure: Enable APIs and Services 
     
  4. Search for Gmail API from the list.  
     
    Figure: Gmail API 
     
  5. Click and open the Gmail API. Click Enable.  
     
    Figure: Enable Gmail API 


Configure OAuth Consent Screen  

To configure OAuth Consent Screen, perform the following steps: 

  1. Navigate to the left panel and click OAuth Consent Screen. 
     
    Figure: OAuth consent screen 
     
  2. Select External user type and click Create.  
     
    Figure: External user type 
     
  3. Enter the required details on the Edit app registration page and click Save and Continue.  
     
    Figure: OAuth consent screen 
     
  4. On the next page Scope, click Add or Remove scopes.  
     
    Figure: Add or Remove scopes 
     
  5. Click the Filter icon and select API > Gmail API.  
     
    Figure: Filter  
     
  6. Select the Scope as https://mail.google.com/ and click Update. 
     
    Figure: Gmail API 
     
  7. The added scope is displayed below. Click Save and Continue.  
     
    Figure: Save 
     
  8. On the next tab Test Users, click Add Users.  
     
    Figure: Add users 
     
  9. Add the user's email address and click Add.  
     
    Figure: Add 
     
  10. The added user’s email address is displayed. Click Save and Continue.  

    Figure: Added user email address 
     
  11. The Summary tab displays all the added details. If you wish to edit any field, click Edit.  
     
    Figure: Summary 

 

Create Service Account and Credentials 

To create a Service Account and its credentials, perform the following steps: 

  1. To create credentials, navigate to Credentials on the left panel.  
     
    Figure: Credentials 
     
  2. Click Create Credentials.  
     
    Figure: Create credentials 
     
  3. Select Service Account from the dropdown. 
     
    Figure: Service account 
     
  4. Enter the required details and click Create and Continue.  
     
    Figure: Create  
     
  5. In the next step, grant the service account with access to the created project. Select a Role and click Continue. This is an optional step.  
     
    Figure: Access to project 
     
  6. On the third step, grant users access to the created service account and add the user Gmail account. Click Done. This is an optional step.  
     
    Figure: Access to project 
     
  7. Once the Service account is created, it is displayed on the Credential page. Click the created Service Account.  
     
    Figure: Created service account 
     
  8. Click the Keys tab on the service account details page. 
     
    Figure: Keys 
     
  9. On the Keys page, click Add Key > Create New Key.  
     
    Figure: Create key 
     
  10. Select JSON and click Create.  
     
    Figure: Create JSON 
    A JSON file is downloaded. Save this .JSON file for further use.
     
  11. Click Details tab > Advanced settings. Make a note of the Client ID displayed.  
     
    Figure: Advanced settings 

Delegating Domain-wide Authority to the Service Account 

To delegate domain wide authority to the service account, perform the following steps: 

  1. Log in to Admin Console - https://admin.google.com/ using the Google Workspace account.  
     
  2. Navigate to Main Menu > Security > Access and Data control > API controls. 

    Figure: API controls
     
  3. In the Domain-wide delegation pane, select Manage Domain Wide Delegation. 

    Figure: Manage Domain wide delegation
     
  4. Click Add new. 

    Figure: Add new
     
  5. Enter the service account's Client ID in the client ID field. The client ID for your service account is located on the Service Accounts page. 

    Figure: Add new client ID
     
  6. In the "OAuth scopes (comma-delimited)" field, enter the list of scopes your application requires access to. For this setup, include https://mail.google.com/. This will grant full access to Gmail.
    The suggested list of scopes to added are as follows:
    https://www.googleapis.com/auth/gmail.readonly - Used to read user's email.
    https://www.googleapis.com/auth/gmail.modify - Used to read and modify, but not delete your email.
    https://www.googleapis.com/auth/gmail.send - Used to send email on behalf of the user.
    https://www.googleapis.com/auth/gmail.labels - Used to manage user's mail labels.
    https://mail.google.com/ - Provides full access to Gmail. 

     
  7. Click Authorize. 

The IMAP configuration and setting up OAuth authentication for Google Workspace is completed.