Working with Gmail SMTP

Google has updated its security requirements for sending emails. More information from Gmail here:

https://support.google.com/accounts/answer/6010255

Any ICONICS software that sends emails is affected by this issue, including:

  • AlertWorX and CFSWorX

  • AlarmWorX64 Multimedia and AlarmWorX32 Multimedia

  • ReportWorX64 and ReportWorX email redirector

  • BridgeWorX64 and BridgeWorX email activity

 To configure your system to send email messages using Gmail, choose one of these two possibilities:

1. Creating an App Password (easier but less secure solution)

2. Creating Google OAuth2 account (more secure solution)

Creating an App Password

You can configure and use an App Password to sign into your Gmail account from the ICONICS software that you are using. An App Password is a 16-digit passcode that gives a non-Google application or device permission to access your Google account. 2-Step Verification must be turned on to use the app password.

More details and setting instructions here:

https://support.google.com/mail/answer/185833?hl=en-GB

Creating Google OAuth2 account

Follow these steps to create an OAuth account. It will also provide a user Client ID and Client Secret to use with the account for a secure authentication.

Using OAuth 2.0 to Access Google APIs  |  Google Identity  |  Google Developers

Select the hyperlink: Google API Console.

·        Select Create OAuth Client ID from the drop down.

·        Application type Desktop app

·        Enter your application name.

·        Press Create.

·        Copy Client ID and Client Secret to safe location.

Adding custom Gmail security settings to ICONICS

You need to add the ClientID and ClientSecret provided by the OAuth account into the Gmail config file. These security settings are used to identify the product to Gmail servers.

a.      Edit the file :\ProgramData\ICONICS\Gmail.config.xml.

b.      Copy the security settings provided by the OAuth account into ClientID and ClientSecret.

                <ClientID> </ClientID>

                <ClientSecret></ClientSecret>

c.      Save the file and close.  

d.      Note: Due to security in ProgramData, it is a good idea to re-open the file and verify the changes were saved.

Switching between the App Password and OAuth 2.0 authentication

You can decide which of the two authentication methods you will use. The default setting is Application Password. To change it, do the following:

a.   Open the file :\ProgramData\ICONICS\Gmail.config.xml.

b.   Find <OAuthEnabled> </OAuthEnabled> and set it to “true”: 

<OAuthEnabled>true</OAuthEnabled>

c.   Save the file and close.  

To change the authentication method back to the “App Password”, rewrite the value to “false”:

<OAuthEnabled>false</OAuthEnabled>

Start AlertGSenderService.exe

AlertGSenderService.exe provides communication between Gmail mail server and ICONICS mail client. This service must be running to log in and initialize the connection.

Sign-in via ICONICS GmailSample.exe

Sign-in to Gmail via the ICONICS GmailSample.exe application. Note: the windows credential server will reset stored security information on reboot. The information should be stored as Persistent: Logged Session.  

The necessary information will be saved to windows credential sever. Note: the windows credential server will reset stored security information on reboot. The information should be stored as Persistent: Logged Session.  

Configure the alert node to use Mail Server: smtp.gmail.com

Potential Issues

Windows Credentials cleared on restart.

Note: Configuration Data is stored to Windows Credential Manager. This information will reset on reboot if the data is stored as Persistent: Logged Session. To make the data persistent across reboot the data must be stored Persistent: Enterprise. To store the data as Enterprise, run the steps under a local account rather than a domain account.

Recommend solution is run under a DNS account when creating Windows Credentials. The intent is to flag the credential as Persistent:Enterprise. 

Stuck using last Gmail Account.

When creating or changing a Gmail account, Gmail may only allow the last account used. This presents as no ability to change Gmail accounts and a request to login to the previous account. This is often corrected by clearing the browser cache and restarting the browser. 

Mail Naming.

When choosing the name for the mail account, verify that it clears spam and junk mail filters. This issue was experienced during product testing.

See Also:

Email

WorkBench MMX64