Turn POP & IMAP on or off for users

This article is for Google Workspace admins. To sync your personal Gmail with another mail client, such as Microsoft Outlook or Apple Mail, follow instructions to set up POP or IMAP.

For users in your organization to synchronize their Google Workspace account email with other email clients, such as Microsoft Outlook or Apple Mail, you need to turn on POP or IMAP in the Google Admin console. You can turn them on for everyone or only for people in certain groups or departments.

Starting in Fall of 2024, Google Workspace accounts will no longer support less secure apps, third-party apps or devices that ask you to sign in to your Google Account using only your username and password. For exact dates, visit Google Workspace Updates. To access apps, you must use OAuth. To prepare for this change, review the details in Transition from less secure apps to OAuth.  

Before you begin

Expand section  |  Collapse all & go to top

Decide what to turn on & who can use which clients
  • Turn on POP, IMAP, or both—You can turn on POP and IMAP or turn them on independently of each other. 
  • Restrict which IMAP clients people can use—You can choose to allow all IMAP clients or specify only allowed clients. Specified mail clients must support OAuth. OAuth allows users to share specific data with an application while keeping their usernames, passwords, and other information private. 
  • Use email clients without OAuth—Email clients that don't support OAuth can be used with POP or IMAP but only when you allow all clients. If people in your organization use clients without OAuth:  
    1. Turn on less secure apps in the Google Admin console. Follow the steps in Control access to less secure apps.
    2. Have your users turn on less secure apps by following the steps in Less secure apps & your Google Account.
If you turn off POP or IMAP
  • Users can't get their email with POP or IMAP email clients, even if they previously could.
  • POP and IMAP settings aren't available in Gmail.
  • Mobile device users must use the Gmail app to open their managed Google Workspace account email. If they try to sign in to an IMAP email client, the sign-in fails.
Before you disable IMAP for iOS Mail

Before you turn off IMAP, tell iPad and iPhone users that Gmail is no longer syncing to iOS Mail. To sync Google Contacts or Calendar events to iOS apps, you must set up your mobile management service to push that data:

  • If you use Google endpoint management, you need to set up the Google Account setting in the Admin console. If any Google services required by the iOS apps have restricted app access, you must also explicitly trust iOS apps. For the steps, go to Apply settings for iOS devices and then set up the custom push configuration for CalDAV and CardDAV.
  • If you use a different mobile management service, contact them for instructions.
  • If you don't use any mobile management service, iOS device users must use Google apps to access their Google Workspace account Contacts and Calendar events.

Related topics

Step 1: Turn on POP & IMAP 

Turn on POP & IMAP

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Appsand thenGoogle Workspaceand thenGmailand thenEnd User Access.
  3. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  4. Scroll to POP and IMAP access and turn on POP, IMAP, or both. For:
    • POP access—Check the Enable POP access for all users box. 
    • IMAP access—Check the Enable IMAP access for all users boxand thenchoose an option: 
      • Allow any mail client
      • Restrict which mail clients users can use (OAuth mail clients only). Then, for OAuth client IDs, enter the IDs of allowed clients (separated by a comma): 
        • Apple iOS Mail—450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com
        • Apple Mac Mail—946018238758-bi6ni53dfoddlgn97pk3b8i7nphige40.apps.googleusercontent.com
        • Other clients—Follow the steps on this page to Find the OAuth ID for your email client.

          Important: With this option, users can sync only with clients you specify. This option doesn’t support third-party email clients that use domain-wide delegation through a service account. Learn more about domain-wide delegation and service accounts.

  5. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

  6. Repeat these steps for each organizational unit where you want to turn on POP or IMAP.

Changes can take up to 24 hours but typically happen more quickly. Learn more

Find the OAuth ID for your email client

Find the OAuth ID for your email client

To get the OAuth ID for your client, contact the third-party email client company.

If you're using the email client with other Google Workspace services, you might find the OAuth ID in your Google Admin console:

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Securityand thenAccess and data controland thenAPI controlsand thenManage Third-Party App Access.
    You must be signed in as a super administrator for this task.

  3. Find your third-party email client in the table and for the OAuth ID, go to ID.

Step 2: Enable POP & IMAP in user accounts (only for clients without OAuth)

If you turn on POP and IMAP in your Admin console, your users must also set up POP and IMAP access in Gmail.  

Tell users to follow these instructions:

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu