Google Gmail API Account for SMTP Server for Total Access Emailer

Total Access Emailer uses SMTP to send your emails from Microsoft Access. That requires you to have an SMTP email server that allows you to send emails from the FROM addresses you specify. SMTP is a standard email protocol that has existed for decades.

Google SMTP server for sending emails from Microsoft AccessHistory of Google Gmail and SMTP

If you have an email account with Google Gmail, you have an SMTP server. As long as you abide by Gmail's terms and conditions, you'll be able to send emails through their SMTP server using your Gmail address as your From address.

A few years ago, Google changed Gmail so that you needed to explicitly allow it to let programs use its SMTP server by explicitly allowing it to use Less Secure Applications. This is described on our page Setting Google Gmail as the SMTP Server for Total Access Emailer and is fairly easy to implement.

Google Ending Support for Less Secure Apps

Google announced that starting May 30, 2022, Less Secure Apps are no longer supported and a more secure protocol using OAUTH 2.0 is required. The protocol change impacts the security around your Gmail account. The Gmail password is no longer entered in the desktop application which is considered a security issue.

Instead, Google is switching to a new OAUTH 2.0 protocol that requires each application that uses it to be registered as an authorized Google application, and the Gmail account to approve using. This is similar to how web sites and phone applications use Gmail, but is less suited for Windows solutions.

We expected to register Total Access Emailer as an approved Google application for sending emails using SMTP. Unfortunately, Google is not approving any Windows applications as an approved SMTP program for external Gmail users.

You can only create a Google application for yourself that lists which Gmail accounts can use it.

NOTE: If you are only using one Gmail address and your account allows it, you can create an App Password to use in Total Access Emailer.
That is a lot simpler than a Google API client ID. Visit Google Gmail SMTP App Password for details.

Contents

The following sections cover the steps:


Since we cannot create a Google API Client on your behalf, you have to create your own to use your Gmail accounts with SMTP. Because this is only for your organization or the Gmail accounts you specify, you do not need to go through the official Google approval process for public apps.

Paid Google Workspace Accounts versus Free Gmail Accounts

  • If you are part of an organization with a paid Google Workspace, you can create an Internal app to serve all your users.
  • Free Gmail accounts can only create an External app which have more configuration steps and limitations.

Summary of Steps

Most of the steps are identical for Internal and External apps.

  1. Create your own Google API client account to send SMTP emails (Google gives you a Client ID and Secret ID for this).
  2. For External apps, designate up to 100 Gmail accounts that can use it, which you can change any time.
  3. Run Total Access Emailer and enter your Google API Client information.
  4. Have Total Access Emailer launch the Google page so you can log into your Gmail account to authorize it.

After that, the latest versions of Total Access Emailer can send emails from your Gmail account.

  1. Open the Google APIs Console. For detailed Google instructions, visit this page, but it's confusing so follow the steps we provide here.
    Google Cloud Platform
  2. Click [Create Project] on the far right. Then give it a name like "Gmail SMTP". If you have a paid Google Workspace account, your organization should be selected or choose one if you have multiple organizations. Then click [Create]:
    Google new project
  3. Wait for the project to be created to return to the main page. Click [+ ENABLE APIS AND SERVICES] button at the top.
    Google enable APIs and Services
  4. That opens a screen for the Google API Library. Click on the Gmail API box:
    Gmail API
    Then press the [Enable] button to add it, which returns to the dashboard.
  1. Click "OAuth consent screen" from the left border.
    1. If you are part of a paid Google Workspace organization (a Google Workspace User), choose Internal user type, then click [Create]:
      Google OAuth consent screen Internal User Type
    2. If you have a free Gmail account and not a Google Workspace user, you can only choose External. Then click [Create]:
      Google OAuth consent screen External User Type
  2. Enter information for your app. This appears on the Google page when your users approve your application for this Gmail account:
    Google app registration
  3. Scroll down to the bottom and click [Save and Continue] button which goes to the Scopes page:
    Google app Scopes
  4. Click the [Add or Remove Scopes] button which opens a list of scopes on the right. Select the Gmail API, https://mail.google.com which is on the 3rd page:
    Gmail scope for mail.google.com
  5. You can't see it, but scroll down and click on the [Update] button to select it which returns to the Scopes page. Scroll down to the bottom where you see the scope you selected, then click [Save and Continue].
    Gmail restricted scope for mail.google.com
  6. Adding Users
    1. If you are a Google Workspace user, your organization's users are automatically included and you do not see this screen. Just click the [Back to Dashboard] button.
    2. If you are not part of a Google workspace organization, the Test Users page appears to add your users. Click [+ Add Users] to enter the Gmail addresses that are allowed to use your account, then click [Save and Continue]:
      Gmail add test users
      You can come back to this page to add users later.

The final Summary screen appears to confirm your app settings.

  1. From the dashboard, click Credentials on the left border:
    Google Credentials
  2. Click [+ Create Credentials] at the top border and choose [OAuth Client ID]:
    Created Google Credentials OAuth Client ID
  3. When prompted for Application type, choose Desktop App, and give it a name. This name is not shown to the user but for you to manage this OAuth Client:
    Gmail scope for mail.google.com
    Click the [Create] button and wait.
  4. When the OAuth client is created, a screen like this appears:
    Google OAuth Client Created
  5. Copy the Client ID and Secret ID. The latter is only shown on this screen. You need to enter these into Total Access Emailer. You can also download the JSON which also includes the IDs.
  6. This Client ID now appears on your Credentials under OAuth 2.0 Client IDs:
    Google OAuth Client IDs
    You can always come back here to manage the Client ID. You can also repeat this process to create additional Client IDs.

After creating the Google account with the Client ID and Secret ID, you are ready to enter them into Total Access Emailer on the Options, SMTP Settings tab:

  1. SMTP Settings for Gmail. Use TLS, port 587, and server smtp.gmail.com:
    SMTP Gmail Authentication
  2. Click the [Approve on Gmail] button to open the Gmail wizard. Enter your Client ID and Secret ID on this page then press [Next >]:
    Google Gmail Wizard Page 1
  3. On the second page, specify the maximum time you need to approve the Gmail account. Press the [Finish] button to launch the Google page:
    Google Gmail Wizard Page 2
  4. A Google page appears for you to log into your Google Gmail account:
    Google sign in
  5. The following screens depend on whether you created an Internal or External App in Step 2.
    1. An Internal app for a Google Workspace organization is very simple. One screen appears (where App is the name you gave it) and you click [Allow]:
       Approve Google Account for Internal App
    2. External apps and non-Google Workspace organizations:
      1. This screen mentions that Google has not verified it. Press [Continue]:
        Google hasn't verified the app
      2. Authorize the app to use your Google Gmail account by checking the box and press [Continue].
        Approve Google Account
        The warning is very severe and implies Total Access Emailer will do much more than send emails. Rest assured that Total Access Emailer only sends emails and does not go into your Gmail account.
  6. A confirmation message appears:

    OAuth Get Authorization Successful!

  7. Total Access Emailer displays a confirmation form if the approval was completed within the time period:
    Total Access Emailer Gmail Confirmation

Total Access Emailer is now able to send emails with your Gmail account through the Gmail SMTP server. Preview an email blast by sending a message to yourself to confirm the SMTP setting works.


Email from Multiple Gmail Accounts

To email with a FROM address of another account, make sure that email account delegated (shared) itself to the account you authenticated with in step 4 above. See this Google Delegate page for details.

Authorization Expiration

Google may cause your authorization token to expire. The length of time depends on your Google account type and terms, so you may be forced to refresh this from time to time. Total Access Emailer verifies your Google Gmail settings are valid before launching an email blast and while it's sending emails.


Additional Resources

Free Product Catalog from FMS