Transition your organization off Google Sync

Google Sync is a Google Workspace feature that uses Microsoft Exchange ActiveSync to let your users synchronize their work mail, contacts, and calendars to platform-specific and third-party apps on their mobile devices. For example, iPhone and iPad users can sign in with Microsoft Exchange to get their work Gmail messages in the Apple Mail app and Google calendar events in Apple Calendar.

Security risks with Google Sync

Google Sync doesn’t support OAuth authentication, 2-factor authentication, or security keys, which leaves your organization’s data less secure. With more secure alternatives available, we recommend you transition off Google Sync as soon as possible, ahead of the less secure app access shutdown.

What you can do

Many third-party apps support user sign-in with a Google Account instead of Microsoft Exchange. To allow users to sign in with their work account, you can configure your app management settings to allow data syncing for specific apps or use Google endpoint management to push account information to specific platforms. To set up app access by organizational unit, use the Google endpoint management options.

These instructions focus on how to set up Google Workspace so your users can access their work mail, calendar events, and contacts in Apple iOS apps. For Android users, we recommend users switch to the Android Gmail app. If you want to use another third-party app that supports Google OAuth, you can trust the app. If the third-party app doesn’t support Google OAuth, contact the app developer.

Sync mail, calendar, and contacts in Apple iOS apps

  1. To let your users access Gmail messages in Apple Mail, turn on IMAP for your organization.

  2. To turn on Google OAuth authentication for Apple Mail, Calendar, and Contacts, add the iOS client to your organization’s trusted apps: 

    1. Sign in to your Google Admin console.

      Sign in using your administrator account (does not end in @gmail.com).

    2. From the Admin console Home page, go to "" and then Security and then API controls.
    3. Click Manage third-party app access.

    4. Click Add app and choose OAuth app name or client ID for how you want to search for the mail client. 

    5. Enter 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com

    6. Click Search, select iOS, and click Add.

    7. Leave the access level set to trusted.

    8. Ensure that no other IMAP apps are in the list.

iOS device users can now add their work account to the device.

Other options

Sync calendar and contacts in Apple iOS apps, use Gmail app for mail

Before you begin: To block access to Gmail messages in an IMAP client like Apple Mail, turn off IMAP for your organization.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to "" and then Security and then API controls.
  3. Click Manage third-party app access.

  4. Click Add app and choose OAuth app name or client ID for how you want to search for the mail client. 

  5. Enter 450232826690-0rm6bs9d2fps9tifvk2oodh3tasd7vl7.apps.googleusercontent.com

  6. Click Search, select iOS, and click Add.

  7. Leave the access level set to trusted.

  8. To let users get messages on their iOS device in the Gmail app when IMAP is off:

    1. Set up your third-party mobile device management (MDM) service to push the Google Account payload profile. 
    2. Users must use the iOS Gmail app and sign in with their managed Google Account. They should leave Apple Calendar and Apple Contacts turned on, but turn off Apple Mail. If they try to sign in to Apple Mail with their work account, the sign-in fails silently.
Sync mail, calendar, and contacts in Apple iOS apps with Google endpoint management

Before you begin: If needed, set up advanced mobile management.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. On the left, click iOS settings.

  4. Click Account configurations.

  5. Check the Push Google Account configuration.

  6. Click Save.

To sync their mail, contacts, and calendar events, users must download the Google Device Policy app and the Google mobile device management configuration profile. Learn more



Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue