Email Setup

SMTP Setup

Add below environment variables to configure the SMTP email server

EMAIL_PROVIDER=SMTP
SMTP_HOST=smtp.domain.com
SMTP_FROM=noreply@domain.com
SMTP_USERNAME=noreply@domain.com
SMTP_PASSWORD=******************

Use the below settings if your SMTP doesn't support TLS and/or doesn't require authentication

EMAIL_PROVIDER=SMTP
SMTP_USE_TLS=false
SMTP_HOST=smtp.domain.com
SMTP_FROM=noreply@domain.com
SMTP_PORT=25

Gmail OAuth Setup

To set up a Gmail OAuth for emails, you need to have a GSuite admin user, and with a personal Gmail account setup cannot be done. Please follow the steps below to create Service Account

  • Click APIs & Services > Credentials.

  • Click Create Credentials > Service account.

  • For the Service account name, enter a name for the service account.

  • (Optional) For the Service account description, enter a description of the service account.

  • Click Create and Continue.

  • Click Done > Save.

  • At the top, click Keys > Add Key > Create new key.

  • Make sure the key type is set to JSON and click Create.

  • You'll get a message that the service account's private key JSON file was downloaded to your computer. Make a note of the file name and where your browser saves it. You'll need it later.

  • Click Close.

Domain-wide access delegation for a Service Account

  • In your Google Admin console (at admin.google.com)

  • Go to Menu Security > Access and data control > API controls.

  • Click Manage Domain Wide Delegation.

  • Click Add new and enter your service account client ID.

  • You can find the ID (also known as the Unique ID) in the JSON file that you downloaded when you created the service account or in Google Cloud (click IAM & AdminService accounts the name of your service account).

  • Enter the client ID of the service account or the OAuth2 client ID of the app. (Typically, the ID is provided by the developer. If you're the owner of the service account, you can look up the ID.)

  • In OAuth Scopes, add each scope that the application can access (should be appropriately narrow). You can use any of the OAuth 2.0 Scopes for Google APIs.

  • Please add the following Gmail API scopes,

    • https://www.googleapis.com/auth/gmail.send

    • https://www.googleapis.com/auth/gmail.compose

    • https://www.googleapis.com/auth/gmail.readonly

    • https://mail.google.com/

    • https://www.googleapis.com/auth/gmail.modify

  • Click Authorize. If you get an error, the client ID might not be registered with Google or there might be duplicate or unsupported scopes.

  • Point to the new client ID, click View details and make sure every scope is listed. If a scope is not listed, click Edit, enter the missing scope, and click Authorize. You can't edit the client ID.

  • Please make the following changes to CloudIO env file

    • EMAIL_PROVIDER=GMAIL

    • GMAIL_CREDENTIAL_FILE_PATH = {{path_to_file}}/serviceaccount.json

    • SMTP_HOST=smtp.gmail.com

    • SMTP_USERNAME=noreply@domain.com

    • SMTP_FROM=noreply@domain.com

  • Place the downloaded JSON credentials file into the server path and configure the path for GMAIL_CREDENTIAL_FILE_PATH param

Last updated