Transition your organization off Google Sync

Google Sync is a G Suite feature that uses Microsoft® Exchange ActiveSync® to let your users synchronize their work mail, contacts, and calendars to native and third-party apps on their mobile devices. For example, iOS device users can sign in with Microsoft Exchange to get their work Gmail messages in the Apple® Mail app and Google calendar events in Apple Calendar.

Security risks with Google Sync

Google Sync doesn’t support OAuth authentication, 2-factor authentication, or security keys, which leaves your organization’s data less secure. With more secure alternatives available, we recommend you transition off Google Sync as soon as possible, ahead of the less secure app access shutdown.

What you can do

Many third-party apps support user sign-in with a Google Account instead of Microsoft Exchange. To allow users to sign in with their work account, you can configure your app management settings to whitelist data syncing for specific apps or use Google endpoint management to push account information to specific platforms. To configure app access by organizational unit, use the Google endpoint management options.

These instructions focus on how to set up G Suite so your users can access their work mail, calendar events, and contacts in native iOS apps. For Android users, we recommend users switch to the Android Gmail app. If you want to use another third-party app that supports Google OAuth, you can whitelist the app. If the third-party app doesn’t support Google OAuth, contact the app developer.

Sync mail, calendar, and contacts in native iOS apps

  1. To let your users access Gmail messages in Apple Mail, turn on IMAP for your organization.

  2. To turn on Google OAuth authentication for Apple Mail, Calendar, and Contacts, add the iOS client to your organization’s trusted apps: 

    1. Sign in to your Google Admin console.

      Sign in using your administrator account (does not end in @gmail.com).

    2. From the Admin console Home page, go to  and then Security and then API controls.
    3. Click Manage third-party app access.

    4. Click Add app and choose OAuth app name or client ID for how you want to search for the mail client. 

    5. Enter 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com

    6. Click Search, select iOS, and click Add.

    7. Leave the access level set to trusted.

    8. Ensure that no other IMAP apps are in the list.

iOS device users can now add their work account to the device.

Other options

Sync calendar and contacts in native iOS apps, use Gmail app for mail

Before you begin: To block access to Gmail messages in an IMAP client like Apple Mail, turn off IMAP for your organization.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to  and then Security and then API controls.
  3. Click Manage third-party app access.

  4. Click Add app and choose OAuth app name or client ID for how you want to search for the mail client. 

  5. Enter 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com

  6. Click Search, select iOS, and click Add.

  7. Leave the access level set to trusted.

  8. To let users get messages on their iOS device in the Gmail app when IMAP is off:

    1. Set up your third-party mobile device management (MDM) service to push the Google Account payload profile. 
    2. Users must use the iOS Gmail app and sign in with their managed Google Account. They should leave Apple Calendar and Apple Contacts turned on, but turn off Apple Mail. If they try to sign in to Apple Mail with their work account, the sign-in fails silently.
Sync mail, calendar, and contacts in iOS native apps with Google endpoint management

Before you begin: If needed, set up advanced mobile management.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. On the left, click iOS settings.

  4. Click Account configurations.

  5. Check the Push Google Account configuration.

  6. Click Save.

To sync their mail, contacts, and calendar events, users must download the Google Device Policy app and the Google mobile device management configuration profile. Learn more
Was this helpful?
How can we improve it?