People in your organization might want to sync Gmail with email clients like Microsoft Outlook or Apple Mail. To let your users sync their Google Workspace Gmail with supported email clients, turn on POP or IMAP. You can turn on POP and IMAP for everyone, or only for people in certain organizational units.
About POP and IMAP with Gmail
POP and IMAP can be turned on separately—You can turn on POP and IMAP independently of each other. You can also turn on POP and IMAP for your entire organization, or per organizational unit.
Restrict which IMAP clients people can use—You can choose to allow all IMAP clients, or specify the allowed clients. Specified mail clients must support OAuth. OAuth lets apps and websites share your account data without requiring your Google password. This keeps your account more secure. Learn how to control access to less secure apps.
Email clients without OAuth—Email clients that don't support OAuth can be used with POP, or with IMAP only when you allow all IMAP clients. If people in your organization use clients without OAuth, turn on less secure apps in the Admin console. Tell your users to turn on less secure apps in their Gmail account.
If you turn off POP or IMAP for your users:
- They can't get their email with POP or IMAP email clients, even if they previously could.
- POP and IMAP settings aren't available in their Gmail web account.
- Mobile device users must use the Gmail app to open their email. If they try to sign in to an IMAP email client, the sign-in fails silently.
If you turn off IMAP, tell iPad and iPhone users Gmail is no longer syncing to iOS Mail. New users can’t manually add the Google account they use for work or school to their device.
To sync Google Workspace Contacts or Calendar events to iOS apps, you must set up your mobile device management (MDM) service to push that data:
- If you use Google endpoint management, enable Google Account in iOS settings. If any Google services required by the iOS apps have restricted app access, you must also explicitly trust iOS apps.
- If you use a different MDM service, contact them for instructions.
- If you don't use any MDM service, iOS device users must use Google apps to access their Google Workspace Contacts and Calendar events.
Enable POP and IMAP
To enable POP and IMAP:
From the Admin console Home page, go to AppsGoogle WorkspaceGmailEnd User Access.
Tip: To see End User Access, scroll to the bottom of the Gmail page.
- Select the organizational unit you want to configure settings for. If you want to configure settings for everyone, select the top-level unit. Or, select one of the child organizational units.
- Scroll to POP and IMAP access. You can turn on POP, IMAP, or both.
- (Optional) To enable POP access, check the Enable POP access for all users box.
- (Optional) To enable IMAP access, check the Enable IMAP access for all users box.
- If you enabled IMAP in Step 6, select an option for allowed email clients:
- Allow any mail client: Any IMAP email client can sync with Gmail.
- Restrict which mail clients users can use (OAuth mail clients only): Limit the third-party email clients that can sync with Gmail. With this option, users can sync only with clients you specify. Important: This option doesn’t support third-party email clients that use domain-wide delegation through a service account. Learn more about domain-wide delegation and service accounts.
- If you selected the Restrict which mail clients... option in Step 7, enter the OAuth IDs of allowed email clients in the Comma separated list of OAuth client IDs field. To add more than one client, separate OAuth IDs with a comma.
OAuth IDs for common email clients
These are OAuth IDs for common email clients. To find the OAuth ID for another client, go to Find the OAuth ID for your email client, below.
Email Client OAuth ID Apple iOS Mail 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com Apple Mac Mail 946018238758-bi6ni53dfoddlgn97pk3b8i7nphige40.apps.googleusercontent.com
- Repeat these steps for each organizational unit where you want to turn on POP or IMAP.
- Click Save changes.
It can take up to 24 hours for POP and IMAP changes to take effect.
To get the OAuth ID for your client, contact the third-party email client company.
If you're using the email client with other Google Workspace services, you might find the OAuth ID in your Google Admin console:
On the Admin console Home page, go to SecurityAPI controls.
- Under App access control, click MANAGE THIRD-PARTY APP ACCESS.
- The app table lists all apps connected to Google Workspace. Find your third-party email client in the table. The client OAuth ID is in the ID column.
End-user settings for POP and IMAP
After you enable POP and IMAP, people in your organization can set up POP and IMAP access to their Gmail account by following these instructions:
Username and password not working?
Some apps require you to also turn on access for less secure apps before setting up POP/IMAP connections.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.