Configuring an Okta Custom Email Provider with Google App Passwords
Last Updated:
Overview
Google Workspace is removing support for less secure systems to manage email. See Google Workspace Updates.
The Okta Custom Email Provider configuration falls under Google's assessment of a less secure system. To continue using Google Workspace with a Custom Email Provider, administrators must configure an App Password under the Workspace account. Administrators can use this generated password as a replacement in the existing SMTP configuration. See Transition from less secure apps to OAuth - Google Workspace Admin Help.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Google Workspace
- Custom Email Provider
- Simple Mail Transfer Protocol (SMTP)
Solution
How is a Custom Email Provider configured with an App Password?
An App Password is a 16-digit passcode that gives a less secure app or device permission to access a Google Account. App passwords require accounts to have 2-Step Verification enabled.
Set up the Google Workspace account to support App Passwords by following the steps outlined by Google.
The following image provides an example dialog from Google Workspace when generating a new App Password.
Update an existing Custom Email Provider using Google Workspace by navigating to the configuration, editing the settings, and replacing the password with the generated App Password.
- Navigate to the Custom Email Provider configuration in the Okta Admin Console.
- Select Edit.
- Replace the SMTP Password with the generated App Password.
The following image shows the SMTP Password field in the Okta Custom Email Provider configuration.
Validate the configuration after saving by sending a test message to verify the connection.
- Save the configuration.
- Send a test message.
The following images demonstrate the test message validation process and the successful delivery confirmation.
Okta plans to add support for OAuth 2.0 SMTP
Okta plans to add support for OAuth 2.0 SMTP. OAuth 2.0 authenticates SMTP messages by replacing the traditional username and password authentication with an OAuth 2.0 token. Administrators can use this additional configuration option when setting up a Custom Email Provider if the SMTP service supports it.
