Jamf Nation Community

matthias_bretz · ‎09-02-2024

Hi,

so in a couple of weeks Google will shut down basic auth for gmail SMTP (Transition from less secure apps to OAuth ).

As this is how we (and probably many other Jamf Pro customers) set up our Jamf Pro in the cloud to send us notification mails, we are now strugeling to find a way for the future.

Has anyone (without an other mail server besides Google) found a solution jet?

Or has anyone heard of OAuth support for Jamf Pro smtp settings?

Kind regards, Matthias

jamf-42 · ‎09-03-2024

and 11.9 is out:

You can now integrate Google-hosted email accounts with Jamf Pro using Google Cloud's Identity and Access Management system. Beginning 30 September 2024, Google will require OAuth 2.0 for third-party apps to access Gmail, meaning that adding Gmail accounts via basic authentication will no longer be supported in Jamf Pro. This feature allows you to integrate a Gmail account with Jamf Pro by authenticating directly through Google via OAuth 2.0, enabling Jamf Pro to securely authenticate when sending email notifications for various actions that take place in your environment.

To access this feature in Jamf Pro, navigate to Settings > System > SMTP server, and select "Google Auth" from the Authentication method pop-up menu.

For more information on integrating an SMTP server, see SMTP Server Integration in the Jamf Pro Documentation.

View solution in original post

jamf-42 · ‎09-02-2024

join the JAMF Pro betas... via feedback in your JAMF ID account.. more info there..

karansingh1 · ‎09-03-2024

Hi Matthias,

The transition to OAuth for Gmail SMTP is challenging for Jamf Pro users, as Jamf currently doesn't support OAuth for SMTP settings. Possible solutions include using a third-party SMTP service like SendGrid or Mailgun, setting up a G Suite SMTP relay, or exploring custom OAuth workflows. These options can help maintain email notifications. I recommend testing these alternatives now to ensure a smooth transition. Additionally, keep an eye on Jamf’s updates, as they might introduce OAuth support in the future.

Kind regards,
Karan

jamf-42 · ‎09-03-2024

and 11.9 is out:

You can now integrate Google-hosted email accounts with Jamf Pro using Google Cloud's Identity and Access Management system. Beginning 30 September 2024, Google will require OAuth 2.0 for third-party apps to access Gmail, meaning that adding Gmail accounts via basic authentication will no longer be supported in Jamf Pro. This feature allows you to integrate a Gmail account with Jamf Pro by authenticating directly through Google via OAuth 2.0, enabling Jamf Pro to securely authenticate when sending email notifications for various actions that take place in your environment.

To access this feature in Jamf Pro, navigate to Settings > System > SMTP server, and select "Google Auth" from the Authentication method pop-up menu.

For more information on integrating an SMTP server, see SMTP Server Integration in the Jamf Pro Documentation.

aghali · ‎09-13-2024

Anyone having an issue following this Article to create the unique client ID and client secret in your Google Workspace portal? I can start the process by creating the new project but I don't see the "Product name" field nor where I can select "Web server"!

user-xhWIUceCkh · ‎09-17-2024

Seems pretty straightforward, but we are getting:

POST https://oauth2.googleapis.com/token
{
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}

cdenesha · ‎09-29-2024

Hello.

I was at first getting a redirect_uri_mismatch, but noticed I had a typo. Now that is fixed, I can successfully send email on my test server, but NOT on my production server... which has a port number. I am able to enter the email address and password, but then get an error "Unable to add and authenticate email account due to an issue with a token, please try again".

Has anybody got it working with a port number (:8443) as part of your jamf URL?

thank you,

chris

cdenesha · ‎09-30-2024

[update]

I captured a debug log, and it is still a redirect URI issue

{
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}

Since it works on my test server but not when I add port number :8443, perhaps this is a Google issue? I started here because anything locally hosted would have the port number so hoped someone had seen this and had a fix.

@user-xhWIUceCkh does your jamf server URL use a port number?

thanks,

chris

Jared_Y · 2 weeks ago

I had to specifically enable the Gmail permission set in Google OAuth to get this working

Documentation can be found in the following resources:

SMTP Server Integration

Preparing Google Workspace for Jamf Pro SMTP Integration

coshaben · a week ago

I have followed the SMTP Server Integration / Preparing Google Workspace for Jamf Pro SMTP Integration articles over and over again (as solutions indicate above). We are still having issues setting up SMTP integration with Google OAuth. We have received the following error every time:

"Unable to add and authenticate email account due to an issue with a token. Please try again"

We have tried the following:

1. Followed all the setups to setup a project and enable the gmail api

2. Disabled 2FA for the account I'm trying to setup as the sender for

3. Enabled less secure app access

4. Found out that app-specific passwords are no longer allowed.

5. Followed all relevant jamf guides and retried every step 20x.

6. Cleared browser cache and retried.

We are able to enter the client id / client secret, and then click the "Add email address via google" button. This takes us too a google login page, where we successfully authenticate and continue / accept all the prompts. At the end, it takes us back to jamf pro SMTP setup page and gives us the above-mentioned error.

Does anyone have any other suggestions we could try?

Jared_Y · a week ago

I agree it's not the best experience. But have you opened a Jamf Support Case on this?

coshaben · a week ago

Tried doing that about 6 days ago and no fixes yet from them. Really is a shame - to your point, I wish Jamf would create a better customer experience in integrating with google for SMTP. The fact that a lot of folks were required to turn on "less secure app" and "app password" settings to begin with as primary work arounds was the true problem here in my opinion. Google naturally is attempting to better secure it's platform and removed these options.

user-xhWIUceCkh · a week ago

Updated: I opened a support ticket and validated the issue. The workaround is pretty Mickey Mouse. If you have an issue, open a support ticket because there are items on your side and the backend they have to do.

Jamf Nation Community

Google as SMTP server (with OAuth)