Working with Gmail SMTP

Google has updated its security requirements for sending emails. More information from Gmail here:

https://support.google.com/accounts/answer/6010255

Any ICONICS software that sends emails is affected by this issue, including:

  • AlertWorX and CFSWorX

  • AlarmWorX64 Multimedia and AlarmWorX32 Multimedia

  • ReportWorX64 and ReportWorX email redirector

  • BridgeWorX64 and BridgeWorX email activity

 To configure your system to send email messages using Gmail, choose one of these two possibilities:

1. Creating an App Password (easier but less secure solution)

2. Creating Google OAuth2 account (more secure solution)

Creating an App Password

You can configure and use an App Password to sign into your Gmail account from the ICONICS software that you are using. An App Password is a 16-digit passcode that gives a non-Google application or device permission to access your Google account. 2-Step Verification must be turned on to use the app password.

More details and setting instructions here:

https://support.google.com/mail/answer/185833?hl=en-GB

Creating Google OAuth2 account

To use the OAuth authentication for sending notifications from ICONICS software via Gmail, perform the following tasks:

  1. Create a Google OAuth Project.
  2. Create the OAuth Consent.
  3. Create an OAuth Client.
  4. Switch the Gmail Authentication Method in ICONICS to OAuth 2.0.
  5. Sign in to Gmail using the GmailSample application.
  6. Configure an email node in Workbench, using smtp.gmail.com as the mail server.

Switching Between the App Password and OAuth 2.0 Authentication

You can decide which of the two authentication methods you will use. The default setting is Application Password. To use the OAuth authentication, you need to change the method in the Gmail configuration file and add the ClientID and Client Secret that you obtained after creating an OAuth client for your Google OAuth account. These security settings are used to identify the product to Gmail servers.

To set up the OAuth authentication for Gmail:

  1. Open the file :\ProgramData\ICONICS\Gmail.config.xml.

  2. Navigate to OAuthEnabled and set it to true.

    <OAuthEnabled>true</OAuthEnabled>

  3. Copy the security settings provided by the OAuth account into ClientID and ClientSecret.

    <ClientID></ClientID>

    <ClientSecret></ClientSecret>

  4. Save and close the file.

    Note: Due to security in ProgramData, it is a good idea to re-open the file and verify that the changes were saved.

To change the authentication method back to the App Password, rewrite the OAuthEnabled value to “false”:

<OAuthEnabled>false</OAuthEnabled>

Starting AlertGSenderService.exe

AlertGSenderService.exe provides communication between Gmail mail server and ICONICS mail client. This service must be running to log in and initialize the connection.

Signing-in via ICONICS GmailSample.exe

Sign-in to Gmail via the ICONICS GmailSample.exe application.   

The necessary information will be saved to windows credential sever. 

Note: the windows credential server resets stored security information on reboot. The information should be stored as Persistent: Logged Session.  

Configuring the Email Node with Mail Server:smtp.gmail.com

To enable sending alert notifications via Gmail, you need to create and configure an email node. On the Email Settings tab in the Hardware and Data section, use smtp.gmail.com as the Mail Server.

Potential Issues

Windows Credentials cleared on restart.

Configuration Data is stored to Windows Credential Manager. This information resets on reboot if the data is stored as Persistent: Logged Session. To make the data persistent across reboot, the data must be stored as Persistent: Enterprise. To store the data as Enterprise, run the steps under a local account rather than a domain account.

Recommend solution is running under a DNS account when creating Windows credentials. The intent is to flag the credential as Persistent:Enterprise

Stuck using last Gmail Account.

When creating or changing a Gmail account, Gmail may only allow the last account used. This presents as no ability to change Gmail accounts and a request to login to the previous account. This is often corrected by clearing the browser cache and restarting the browser. 

Mail Naming.

When choosing the name for the mail account, verify that it clears spam and junk mail filters. This issue was experienced during product testing.

See Also:

Email

Workbench MMX64