For users in your organization to synchronize their Google Workspace account email with other email clients, such as Microsoft Outlook or Apple Mail, you need to turn on POP or IMAP in the Google Admin console. You can turn them on for everyone or only for people in certain groups or departments.
Starting in Fall of 2024, Google Workspace accounts will no longer support less secure apps, third-party apps or devices that ask you to sign in to your Google Account using only your username and password. For exact dates, visit Google Workspace Updates. To access apps, you must use OAuth. To prepare for this change, review the details in Transition from less secure apps to OAuth.
Before you beginDecide what to turn on & who can use which clients
- Turn on POP, IMAP, or both—You can turn on POP and IMAP or turn them on independently of each other.
- Restrict which IMAP clients people can use—You can choose to allow all IMAP clients or specify only allowed clients. Specified mail clients must support OAuth. OAuth allows users to share specific data with an application while keeping their usernames, passwords, and other information private.
- Use email clients without OAuth—Email clients that don't support OAuth can be used with POP or IMAP but only when you allow all clients. If people in your organization use clients without OAuth:
- Users can't get their email with POP or IMAP email clients, even if they previously could.
- POP and IMAP settings aren't available in Gmail.
- Mobile device users must use the Gmail app to open their managed Google Workspace account email. If they try to sign in to an IMAP email client, the sign-in fails.
Before you turn off IMAP, tell iPad and iPhone users that Gmail is no longer syncing to iOS Mail. To sync Google Contacts or Calendar events to iOS apps, you must set up your mobile management service to push that data:
- If you use Google endpoint management, you need to set up the Google Account setting in the Admin console. If any Google services required by the iOS apps have restricted app access, you must also explicitly trust iOS apps. For the steps, go to Apply settings for iOS devices and then set up the custom push configuration for CalDAV and CardDAV.
- If you use a different mobile management service, contact them for instructions.
- If you don't use any mobile management service, iOS device users must use Google apps to access their Google Workspace account Contacts and Calendar events.
Step 1: Turn on POP & IMAP
In the Admin console, go to Menu AppsGoogle WorkspaceGmailEnd User Access.
- To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
- Scroll to POP and IMAP access and turn on POP, IMAP, or both. For:
- POP access—Check the Enable POP access for all users box.
- IMAP access—Check the Enable IMAP access for all users boxchoose an option:
- Allow any mail client
- Restrict which mail clients users can use (OAuth mail clients only). Then, for OAuth client IDs, enter the IDs of allowed clients (separated by a comma):
- Apple iOS Mail—450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com
- Apple Mac Mail—946018238758-bi6ni53dfoddlgn97pk3b8i7nphige40.apps.googleusercontent.com
- Other clients—Follow the steps on this page to Find the OAuth ID for your email client.
Important: With this option, users can sync only with clients you specify. This option doesn’t support third-party email clients that use domain-wide delegation through a service account. Learn more about domain-wide delegation and service accounts.
- Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
- Repeat these steps for each organizational unit where you want to turn on POP or IMAP.
Changes can take up to 24 hours but typically happen more quickly. Learn more
To get the OAuth ID for your client, contact the third-party email client company.
If you're using the email client with other Google Workspace services, you might find the OAuth ID in your Google Admin console:
In the Admin console, go to Menu SecurityAccess and data controlAPI controlsManage Third-Party App Access.
You must be signed in as a super administrator for this task.
- Find your third-party email client in the table and for the OAuth ID, go to ID.
Step 2: Enable POP & IMAP in user accounts (only for clients without OAuth)
If you turn on POP and IMAP in your Admin console, your users must also set up POP and IMAP access in Gmail.
Tell users to follow these instructions:
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.