OAuth email authentication

OAuth enables your instance to receive and send email through a third-party email account.

Open Authentication (OAuth) is an open standard for authorization that provides administrators with an authorization method when connecting to incoming IMAP and outgoing SMTP servers. OAuth enables an instance to receive and send email from a third-party account, such as Gmail, without having to enter the credentials for that account.

The OAuth 2.0 implementation requires you to obtain an access and refresh token from your third-party email provider for each third-party email account. The tokens are automatically saved to the instance database. They provide authorization for all email communication between the instance and the authorized third-party account. A scheduled job regularly checks to see if email access tokens are valid. If the access token is not valid, but the refresh token is, the instance automatically regenerates a new access token.

OAuth 2.0 support is available starting with the Geneva release. The OAuth implementation supports IMAP and SMTP accounts only. POP3 is not supported. OAuth 1.0 is no longer supported.

Note: Customer email accounts configured to use OAuth 1.0 authentication with Gmail cease to function as of April 20, 2015. See KB0546976 for more information.

Activating the Email - OAuth support for IMAP and SMTP plugin allows you to use OAuth with email. If you upgrade to Geneva or later instances and are already using OAuth 1.0, activate the plugin again.

See Outbound REST with OAuth 2.0 profile tutorial - integrating with Google Contacts API for an example of using an OAuth 2.0 profile to authenticate an outbound REST message with Google to retrieve contact information. Also see OAuth 2.0 for more information on OAuth 2.0 support in the instance.