Connecting to Google Services With New Security Measures¶
Google recently introduced new restrictions on how users can use their API. The restrictions are in effect as of June 1st, 2020. The purpose of the new measures is to protect Google users from leakage or misuse of their personal data on Google. New restrictions are related to the Gmail and Google Drive apps. More info here.
To access restricted scopes, the connected service (Ibexa Connect or any other service that wants to access the user's data via the API) has to be verified and has to have a Letter of Assessment to prove that the service is secure and transparent about how they use the data. Ibexa Connect complies with all of Google’s requirements for access to restricted scopes, unfortunately, most of the third-party connected services in Ibexa Connect don't have the Letter of Assessment and therefore don't comply with Google terms. Because of that, we are not permitted to send data to these services.
There are a few exceptions where it is possible to send data to an unapproved third-party service that doesn’t have the Letter of Assessment and doesn’t violate any of these new restrictions.
We opted for the Domain-wide Installation exception. Domain-wide Installation is suited for G Suite users and this approach allows users to integrate unapproved services without any limitations. Simply speaking, if you are a G Suite user you don't have to perform any additional steps and can directly connect to unapproved services.
FAQ¶
What apps in Ibexa Connect are affected?¶
Google Drive, Gmail, and Email (connected to Gmail account).
Do I have a G Suite account?¶
If your email address ends with @gmail.com or @googlemail.com your account is not a G Suite account. If your Google account ends with custom domain e.g. @my-company.com then it is a G Suite account.
-
G Suite users (click on your profile icon in the top-right corner of your Google account to display the following pane):
The This account is managed by \<yourCompany> information is displayed in the top of the pane.
-
Gmail (non-business) users (click on your profile icon in the top-right corner of your Google account to display the following pane):
Your email address ends with the @gmail.com or googlemail.com and there is no information as in the business Google account (above).
What should I do if I'm @gmail.com or @googlemail.com user?¶
If you want to integrate any other service than Google Drive or Gmail, y*ou don’t have to do anything special to connect to your services that use your *@gmail.com or @googlemail.com account to sign in. Just create a connection to the service in the regular way as described in the Connecting To Services article.
The changes only apply if you are integrating Google Drive or Gmail. If you want to connect to Google Drive or Gmail then you have to switch to G Suite or create a custom OAuth client (advanced option).
What should I do if I'm a G Suite user?¶
There is no required action.