Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=notification-settings-configure-gmail-mail-server

Configure OAuth 2.0 on Gmail

You can configure Gmail to use OAuth 2.0 for email notifications. You must configure Gmail using Google Cloud Console to set up the client ID, client secret, and refresh token. You need these credentials when you're setting up OAuth 2.0 for notification emails on Administration > Notification settings in Sophos Firewall.

The key steps are as follows:

  1. Create a project and turn on Gmail API.
  2. Create client ID and client secret.
  3. Create the refresh token.

Warning

This information was correct at the time of writing. To ensure you're following the most current steps, review the Gmail documentation. See Gmail API Overview.

Create a project and turn on Gmail API

In Google Cloud Console, do as follows:

  1. Sign in to the Google Cloud Console using your Google account.

  2. Next to Google Cloud, click Select a project.

    Select a project.

  3. In the Select a project dialogue, click New project.

    Create a new project.

  4. Enter a name and click Create.

  5. Next to Google Cloud, click Select a project and select the project you created.

    Select the created project.

  6. In the left navigation menu, go to APIs & Services > Library.

    API services and library.

  7. Search for Gmail API.

  8. Click Gmail API, then click Enable.

Create client ID and client secret

To create the client ID and client secret, do as follows:

  1. Under APIs & Services, click Credentials.

    API services and credentials.

  2. Click Create credentials and select OAuth client ID.

  3. Click Configure the OAuth consent screen, click Get started, and do as follows:

    1. Under App Information, enter a name and email address.
    2. In User type, select External.
    3. Under Developer contact information, enter the email address again.
    4. Click Create.
    5. Click Create OAuth client.
    6. In Application type, select Web application.
    7. Enter a name.
    8. In Authorized redirect URIs, click Add URI and enter https://developers.google.com/oauthplayground%22.

    9. Click Create.

      The OAuth client created dialogue appears.

    10. Copy the Client ID and Client secrect.

      Copy Client ID and Client secret.

      When you're configuring OAuth 2.0 for email alerts in the firewall, you must paste the ID in Client ID and the secret in Client secret.

  4. Click Audience and do as follows:

    1. Click Add users.
    2. Enter the email addresses of users you want to add.
    3. Click Save.

Create the refresh token

To create the refresh token, do as follows:

  1. Go to https://developers.google.com/oauthplayground.

  2. In the upper-right corner, click the gear icon.

    Refresh token gear icon.

  3. Select Use your own OAuth credentials and do as follows:

    1. In OAuth Client ID, paste the client ID you created.
    2. In OAuth Client secret, paste the client secret you created.
    3. Click Close.

    Refresh token details.

  4. Under Step 1 Select & authorize APIs, expand Gmail API v1, select https://mail.google.com, and click Authorize APIs.

  5. Click Account.

  6. Expand Step 2 Exchange authorization code for tokens and copy the Refresh token.

    When you're configuring OAuth 2.0 for email alerts in the firewall, you must paste this token in Refresh token.