Google OAuth Access Requirement

2 posts by 2 authors in: Forums > CMS Builder
Last Post: December 18, 2019   (RSS)

By KennyH - December 17, 2019

Just received an email from Google and wanted to see how this will affect CMSB's ability to send email via G Suite (Gmail)

-----------------------------------------

Starting February 15, 2021, G Suite accounts will only allow access to apps using OAuth. Password-based access will no longer be supported.

Dear Administrator,

We’re constantly working to improve the security of your organization’s Google accounts. As part of this effort, and in consideration of the current threat landscape, we’ll be turning off access to less secure apps (LSA) — non-Google apps that can access your Google account with only a username and password, without requiring any additional verification steps. Access through only a username and password makes your account more vulnerable to hijacking attempts. Moving forward, only apps that support a more modern and secure access method calledOAuthwill be able to access your G Suite account.

Access to LSAs will be turned off in two stages:

  1. June 15, 2020- Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
  2. February 15, 2021- Access to LSAs will be turned off for all G Suite accounts.

What do I need to do?

To continue using a specific app with your G Suite accounts, users in your organization mustswitch to a more secure type of access called OAuth. This connection method allows apps to access accounts with a digital key instead of requiring a user to reveal their username and password. We recommend that youshare the user instructions(included below) with individuals in your organization to help them make the necessary changes. Alternatively, if your organization is using custom tools, you can ask the developer of the tool to update it to use OAuth.

https://developers.google.com/identity/protocols/OAuth2

By daniel - December 18, 2019

Hi KennyH,

Thanks for bringing this to our attention! We are going to have to do some additional research to accurately determine whether or not this will have an impact on CMSB, but it is on our radar and we'll make sure to post updates as we have them.

Thanks!

Daniel
Technical Lead
interactivetools.com