As a user of Google products, you have certainly…
As part of Google's commitment to user safety, Google Workspace customer Sign-in will no longer be supported for third-party apps or devices that require users to share their Google username and password. This outdated sign-in method, called Less Secure Applications (LSA), puts users at additional risk because it requires sharing Google Account credentials with their apps and devices. third-party. This can make it easier for bad guys to gain unauthorized access to your account.
Instead, you will need to use Sign in with Google option, which is a safer and more secure way to sync your email with other apps. Sign in with Google takes advantage of the industry-standard and more secure Auth authentication method already used by the vast majority of third-party apps and devices.
Google also did informed to customers in 2019 and will update more about the timing of this.
Access to less secure applications (LSA) will be disabled in two stages:
- Starting September 30, 2024:
- The LSA settings will be removed from the Admin Console and can no longer be changed. Enabled users can connect during this time, but disabled users will no longer be able to access the LSA. This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols like CalDAV, CardDAV, IMAP, SMTP, and POP.
- The IMAP on/off setting will be removed from the user's Gmail settings.
- If you used LSAs before this date, you can continue to use them until September 30, 2024.
- Starting September 30, 2024:
- Access to LSA will be disabled for all Google Workspace accounts. CalDAV, CardDAV, IMAP, POP, and Google Sync will no longer work with password-only logins — you'll need to Log in with a more secure protocol than OAuth.
As part of this change, Google Sync will also stop working:
- September 30, 2024: Existing Google Sync users will not be able to connect to Google Workspace. Now you can
- September 30, 2024: Existing Google Sync users will not be able to connect to Google Workspace. Now you can Move your organization away from Google Sync. To find Google Sync usage in your organization, please visit the Admin console, navigate to Devices > Mobile & endpoints > Devices, and filter by Type: Google Sync.
See below for specific guidance for admins, end users, and developers about this change.
Admins and end users
Admins: Prepare your users
For your end users to continue using these types of apps with Google Workspace accounts, they must switch to a more secure type of access called OAuth. You will receive additional information via email with affected users in your organization in the coming months. Google recommends sharing the user guide (included below) to help them make the necessary changes.
Impact on Mobile Device Management (MDM)
If your organization uses a mobile device management (MDM) provider to configure IMAP, CalDAV CardDAV, POP, or Exchange ActiveSync (Google Sync) profiles, these services will be removed downstream. times below:
|June 15, 2024||Password-based MDM push of IMAP, CalDAV, CardDAV, STMP, POP, and Exchange ActiveSync (Google Sync) will no longer work for clients attempting to connect to LSA for the first time.
If you use Google Endpoint Management, you will not be able to enable the “Custom push configuration” setting for CalDAV and CardDAV.
|September 30, 2024||Password-based MDM push of IMAP, CalDAV, CardDAV, SMTP, and POP will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will add their Google account back to the iOS device using OAuth.
Password-based Exchange ActiveSync MDM push (Google Sync) will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will add their Google account back to the iOS device using OAuth.
If you use Google Endpoint Management, “Custom Push Configuration-CalDAV” and “Client Push Configuration-CardDAV” (see more details about the settings here) will no longer be available.
Scanners and other machines
If you have a scanner or other device that uses simple mail transfer protocol (SMTP) or LSA to send email, you will need to: configure them to use OAuth, use an alternate method, or configure a Password. application password for use with the device.
If you're using an app that accesses your Google Account using just your username and password, do one of the following to continue accessing your email, calendar, or contacts. If you don't take one of the following actions before September 30, 2024, you'll start receiving an error message stating that your username-password combination is incorrect and you won't be able to sign in.
|Outlook 2016 or earlier||Migrate to Microsoft 365 (formerly known as Office 365, the web-based version of Outlook) or Outlook for Windows or Mac, both of which support OAuth access.
Or we can use tools Google Workspace Sync for Microsoft Outlook.
|Thunderbird or other email client||Re-add your Google Account and configure it to use IMAP with OAuth.|
|Mail app on iOS or MacOS or Outlook for Mac and only use your password to sign in||You will need to remove and re-add your account. When you add it back, select “Sign in with Google” to automatically use OAuth.
If you use an app that uses password-based CalDAV to grant access to your calendar, switch to a method that supports OAuth. We recommend the Google Calendar app [Web/iOS/Android] as the safest app to use with your Google Workspace account.
If your Google Workspace account is linked to the calendar app in iOS or MacOS and only uses a password to sign in, you'll need to remove and re-add your account to your device. When you add it back, select “sign in with Google” to automatically use OAuth.
If your Google Workspace account is syncing contacts with iOS or MacOS via CardDAV and only uses a password to sign in, you'll need to delete your account. When you add it back, select “sign in with Google” to automatically use OAuth. Read more.
If your Google Workspace account is syncing contacts with any other platform or app via CardDAV and only uses a password to sign in, switch to a method that supports OAuth.
If the app you're using doesn't support OAuth, you'll need to switch to an app that offers OAuth or create application password to access these applications.
To maintain compatibility with your Google Workspace account, update your app to use OAuth 2.0 as the connection method. To get started, follow our developer guide above using OAuth 2.0 to access Google APIs. You can also refer to our guide on OAuth 2.0 for mobile & desktop apps.
User has a personal Google account
In the coming weeks, Google will remove the IMAP toggle from your Gmail settings. IMAP access is always enabled via OAuth and your existing connections will not be affected. No user action is required.
- This change affects all Google Workspace customers.