Welcome to Gimasys!
Hotline: +84 974 417 099 (HCM) | +84 987 682 505 (HN) gcp@gimasys.com
Blog

Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported

What’s changing

As part of Google's commitment to user safety, Google Workspace customer Sign-in will no longer be supported for third-party apps or devices that require users to share their Google username and password. This outdated sign-in method, called Less Secure Applications (LSA), puts users at additional risk because it requires sharing Google Account credentials with their apps and devices. third-party. This can make it easier for bad guys to gain unauthorized access to your account.

Instead, you will need to use Sign in with Google option, which is a safer and more secure way to sync your email with other apps. Sign in with Google takes advantage of the industry-standard and more secure Auth authentication method already used by the vast majority of third-party apps and devices.

Google also did informed to customers in 2019 and will update more about the timing of this. 

Access to less secure applications (LSA) will be disabled in two stages:

  1. Starting September 30, 2024:
    • The LSA settings will be removed from the Admin Console and can no longer be changed. Enabled users can connect during this time, but disabled users will no longer be able to access the LSA. This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols like CalDAV, CardDAV, IMAP, SMTP, and POP.
    • The IMAP on/off setting will be removed from the user's Gmail settings.
    • If you used LSAs before this date, you can continue to use them until September 30, 2024.
  2. Starting September 30, 2024:

As part of this change, Google Sync will also stop working:

  • September 30, 2024: Existing Google Sync users will not be able to connect to Google Workspace. Now you can
  • September 30, 2024: Existing Google Sync users will not be able to connect to Google Workspace. Now you can  Move your organization away from Google Sync. To find Google Sync usage in your organization, please visit the Admin console, navigate to Devices > Mobile & endpoints > Devices, and filter by Type: Google Sync.

See below for specific guidance for admins, end users, and developers about this change.

Who’s impacted

Admins and end users

Getting started

  • Admins: Prepare your users 

For your end users to continue using these types of apps with Google Workspace accounts, they must switch to a more secure type of access called OAuth. You will receive additional information via email with affected users in your organization in the coming months. Google recommends sharing the user guide (included below) to help them make the necessary changes.

  • Impact on Mobile Device Management (MDM) 

If your organization uses a mobile device management (MDM) provider to configure IMAP, CalDAV CardDAV, POP, or Exchange ActiveSync (Google Sync) profiles, these services will be removed downstream. times below:

June 15, 2024 Password-based MDM push of IMAP, CalDAV, CardDAV, STMP, POP, and Exchange ActiveSync (Google Sync) will no longer work for clients attempting to connect to LSA for the first time.

If you use Google Endpoint Management, you will not be able to enable the “Custom push configuration” setting for CalDAV and CardDAV.
September 30, 2024 Password-based MDM push of IMAP, CalDAV, CardDAV, SMTP, and POP will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will add their Google account back to the iOS device using OAuth.

Password-based Exchange ActiveSync MDM push (Google Sync) will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will add their Google account back to the iOS device using OAuth.

If you use Google Endpoint Management, “Custom Push Configuration-CalDAV” and “Client Push Configuration-CardDAV” (see more details about the settings here) will no longer be available.

  • Scanners and other machines

If you have a scanner or other device that uses simple mail transfer protocol (SMTP) or LSA to send email, you will need to: configure them to use OAuth, use an alternate method, or configure a Password. application password for use with the device.

  • End users 

If you're using an app that accesses your Google Account using just your username and password, do one of the following to continue accessing your email, calendar, or contacts. If you don't take one of the following actions before September 30, 2024, you'll start receiving an error message stating that your username-password combination is incorrect and you won't be able to sign in.

  • Email Application 

Outlook 2016 or earlier Migrate to Microsoft 365 (formerly known as Office 365, the web-based version of Outlook) or Outlook for Windows or Mac, both of which support OAuth access.

 

Or we can use tools Google Workspace Sync for Microsoft Outlook
Thunderbird or other email client Re-add your Google Account and configure it to use IMAP with OAuth.
Mail app on iOS or MacOS or Outlook for Mac and only use your password to sign in You will need to remove and re-add your account. When you add it back, select “Sign in with Google” to automatically use OAuth.

Mac OS:

iOS:

  • Calendar application

If you use an app that uses password-based CalDAV to grant access to your calendar, switch to a method that supports OAuth. We recommend the Google Calendar app [Web/iOS/Android] as the safest app to use with your Google Workspace account.

If your Google Workspace account is linked to the calendar app in iOS or MacOS and only uses a password to sign in, you'll need to remove and re-add your account to your device. When you add it back, select “sign in with Google” to automatically use OAuth. 

  • Contacts application

If your Google Workspace account is syncing contacts with iOS or MacOS via CardDAV and only uses a password to sign in, you'll need to delete your account. When you add it back, select “sign in with Google” to automatically use OAuth. Read more.

If your Google Workspace account is syncing contacts with any other platform or app via CardDAV and only uses a password to sign in, switch to a method that supports OAuth.

  • Other applications

If the app you're using doesn't support OAuth, you'll need to switch to an app that offers OAuth or create application password to access these applications.

  • Developers 

To maintain compatibility with your Google Workspace account, update your app to use OAuth 2.0 as the connection method. To get started, follow our developer guide above using OAuth 2.0 to access Google APIs. You can also refer to our guide on OAuth 2.0 for mobile & desktop apps

  • User has a personal Google account

In the coming weeks, Google will remove the IMAP toggle from your Gmail settings. IMAP access is always enabled via OAuth and your existing connections will not be affected. No user action is required.

Availability

  • This change affects all Google Workspace customers.

As a senior partner of Google in Vietnam, Gimasys has more than 10+ years of experience, consulting on implementing digital transformation for 2000+ domestic corporations. Some typical customers Jetstar, Dien Quan Media, Heineken, Jollibee, Vietnam Airline, HSC, SSI...

Gimasys is currently a strategic partner of many major technology companies in the world such as Salesforce, Oracle Netsuite, Tableau, Mulesoft.

Contact Gimasys - Google Cloud Premier Partner for advice on strategic solutions suitable to the specific needs of your business:

  • Email: gcp@gimasys.com
  • Hotline: 0974 417 099

Source: gcloudvn.com

Related Posts

Back To Top
phone number
0974 417 099