Authorization

When you add a Gmail card to a flow for the first time, Okta prompts you to create a connection. Setting up a connection allows you to save your account information and reuse that connection the next time you build a flow with the connector.

You can create multiple unique connections and manage them from the Connections page in the Okta Workflows Console.

Set up a new Gmail connection

Follow these steps to create a connection from an event or action card:

  1. In the Okta Workflows Console, go to Connections.

  2. Click New Connection to see a list of all available connectors.

  3. Select the Gmail connector.

  4. Enter a Connection Nickname for your Google Workspace account. The nickname can be the actual name of the account or a generic nickname.

  5. In the OAuth window, enter your Google account and password information.

  6. Click the Permissions tab and choose either Use default scopes or Customize scopes (advanced).

    • Use default scopes: This option includes the scopes that are necessary to run any of the Gmail connector cards.

    • Customize scopes (advanced): Choose this option if you want to customize the scopes for this connection. See Scopes for Gmail connector cards.

      You can also Manually add scopes that aren't in the default scope list. The connection creation fails if you attempt to add an invalid scope, for example, a scope that doesn't exist.

  7. On the card, authorize access to your Google account by clicking Allow.

Guidance for account types and the Gmail connector

  • Only Google Workspace users can make proper connections for the Gmail connector.

  • If you're using a gmail.com or googlemail.com account, then connections for the Gmail connector fail when you execute the flow. Also Gmail connector cards won't function as intended, and flows that contain a Gmail card won't run successfully.

  • You can't use Project Service Accounts to make connections for the Gmail connector.

  • You don't need to assign the Service Account User role to Google Workspace users in their project to have a working connection for the Gmail connector that uses the following cards:

    • Read Email

    • Send Email

    • Send Email with Attachment

  • Assign the Service Account User role to Google Workspace users in their project to use the following cards:

    • Add Delegate

    • Forward Emails

    • Set Auto Reply

    • Update User Gmail Settings

      See Service Account User role for details on how to assign this role to users.

  • When using Google Sign In with the Okta Browser Plugin inside Okta Workflows, you can't switch accounts without first switching to the account that's using the Okta Browser Plugin.

Reauthorize a connection

For an existing connection, you must reauthorize the connection to pick up any scope changes.

Reauthorizing any existing connection without changing scopes simply inherits the scopes of the previous authorization.

Disclaimer Statement

The use of information received from the Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This adherence also applies to the transfer of information from this app to any other app integration.

For information about data privacy and practices within Okta, see the Okta Privacy Policy.