Configure Gmail with managed configurations

Gmail implements managed configurations to enable a smooth setup in corporate environments. As an administrator, use your enterprise mobility management (EMM) console to configure Gmail settings for each user. Managed configurations are available in Gmail version 6.4 and later.

Gmail managed configurations


Enter a string that the EMM proxy or gateway can use to identify the device. It should contain the device identifier that's part of the Microsoft® Exchange ActiveSync® (EAS) protocol that some EMM gateways use for device correlation.


Enter a specific email address or a string that contains wildcards that the EMM provider uses to pull the user’s email address from Microsoft® Active Directory®.


  • %emailaddress%

Enter the default email signature that you want to be automatically added at the bottom of all sent emails.


Jane Doe, President
Altostrat, Inc.


Enter the URL of the Exchange ActiveSync (EAS) email server. This might be an EMM on-site proxy server, a load-balanced virtual internet protocol address in front of several EAS email servers, a public client access server (CAS). You don’t need to use HTTP:// or HTTPS:// in front of the URL.

The port number is optional. If not specified, the default port number is 443.



Enter the string alias that represents a certificate with a private key stored in the work profile keystore. The certificate is often a user certificate for authenticating to the Exchange ActiveSync (EAS) servers.  

If you enabled and defined a Certificate Authority (CA) in the EMM console, you'll be able to choose an alias from a drop-down list that the EMM provider populates when the device is enrolled.


Specifies Secure Sockets Layer (SSL) communication to the server port that you specified in the Host field. This setting is ignored if port 443 is specified in the Host field.

Set to true to use SSL, or set to false.

If not specified, the default setting is true.


Enter an integer, from 1 to 5, for the default time window when the Exchange ActiveSync (EAS) servers synchronize mail items to Gmail.    

The start of the time window is determined by subtracting the period of time represented by the filter type from the current time.

Value Default time window
1 1 day
2 3 days
3 1 week
4 2 weeks
5 1 month

If not specified, the default setting is 3.


Specifies validation checks on Secure Sockets Layer (SSL) certificates that are used on Exchange ActiveSync (EAS) servers, proxies, or gateways in front of email servers.    

Set to false to perform checks, or set to true.

Tip: Performing a check is useful if certificates are self-signed.

If not specified, the default setting is false.


Enter a specific username or a string that contains wildcards that the EMM provider uses to pull the username from Active Directory. It might be different from their email address.  


  • %username%
  • janedoe
  • altostrat\janedoe

Available in Gmail versions released after November 15, 2019.

Sets the type of authentication used to verify a user’s email credentials with Microsoft® Active Directory®. Set to allow_modern_authentication (recommended) or allow_basic_authentication.

  • allow_modern_authentication: Uses modern authentication, a token-based method of identity management that offers more secure user authentication and authorization. If modern authentication isn’t possible, basic authentication is used.
  • allow_basic_authentication: Uses basic authentication, an older method of authentication that prompts users for their password and stores this password for future use.

If not specified, the default setting is allow_modern_authentication.

Was this helpful?
How can we improve it?