Skip to main content

Search

How to Set Up a Gmail Canarytoken

Description: Create tokened mails in gmail/gsuite mailboxes across your org.

Note: Once the Gmail tokening is complete, please remember to remove the “Client ID” and “Client Scopes” entries from your G Suite OAuth client’s dashboard found at:

https://admin.google.com/

From the Admin console Home page, go to Menu ic_menu_grey600_18dp.svgic_keyboard_arrow_right_grey600_18dp.svgSecurityic_keyboard_arrow_right_grey600_18dp.svgAPI controls.

Under App access control, select MANAGE THIRD-PARTY APP ACCESS.

Follow the steps below to Tokenise a Google mailbox.

Step 1:

Log in to your Console.

Console Login.png

Step 2:

Click Add a new Canarytoken.

tile.png

Step 3:

Create a new Gmail Canarytoken from the drop down list.

CleanShot 2024-07-23 at 10.43.18@2x.png

Step 4:

Click on Let's begin (1 of 4).

CleanShot 2024-07-23 at 10.44.01@2x.png

Step 5:

Modify the Token's options and paragraph text if you'd like and click on Save Template (2 of 4).

 

  1. Mail From: is the email address of who the message is from.
  2. Mail Subject: this can be changed to whatever you want the subject of the mail to be.
  3. Mail Content: you can change the content of this mail, we have given you a template to work from.
  4. Click on Save Template (2 of 4) when done.

CleanShot 2024-07-23 at 10.44.13@2x.png

Step 6:

Login to your G Suite admin console here.

Screenshot 2025.png

Step 7:

In the G Suite admin console, click on Security > Access and data control > API controls.

Or click the link here.

CleanShot 2024-07-23 at 10.45.20@2x.png

Step 8:

Click on MANAGE THIRD-PARTY APP ACCESS.

CleanShot 2024-07-23 at 10.45.31@2x.png

Step 9:

Click on Add app > Oath App Name Or Client ID

CleanShot 2024-07-23 at 10.45.46@2x.png

Step 10:

Enter your Client ID and hit SEARCH.

Then Select the "Thinkst Gsuite Tokener"

CleanShot 2024-07-23 at 10.45.58@2x.png

Step 11:

Select the Client ID again and hit SELECT.

CleanShot 2024-07-23 at 10.46.10@2x.png

Step 12:

Select your preferred organisation scope then select CONTINUE.

CleanShot 2024-07-23 at 10.46.23@2x.png

Step 13:

Select Trusted then select CONTINUE.

CleanShot 2024-07-23 at 10.46.33@2x.png

Review your configuration and select FINISH when done.

CleanShot 2024-07-23 at 10.46.46@2x.png

Step 14:

Head back to API controls, and select MANAGE DOMAIN WIDE DELEGATION.

CleanShot 2024-07-23 at 10.47.02@2x.png

Add a new API Client, by selecting Add new, then enter your following details:

Client ID: ABC123

First OAuth Scope: https://www.googleapis.com/auth/admin.directory.user.readonly

Second OAuth Scope: https://www.googleapis.com/auth/gmail.insert

Finally click AUTHORIZE when complete.

 

Image2.png

Step 15:

Back on your Canary Console, select All set! (3 of 4).

Image.png

Select Search Gmail for users, then enter your Google Admin email address; finally select Search.

CleanShot 2024-07-23 at 10.48.36@2x.png

You'll be presented with a list of users to Token, which can be selected. When ready, select Insert Tokened Email (4 of 4) to start the Tokening process.

CleanShot 2024-07-23 at 10.48.46@2x.png

Alternatively, larger organisations can provide a comma-separated email list and then click on Insert Tokened Email (4 of 4).

CleanShot 2024-07-23 at 10.48.55@2x.png

Once the Gmail tokening is complete, the Canary API client can be revoked from the DOMAIN WIDE DELEGATION UI.

You're done! ;-)

Was this article helpful?
5 out of 6 found this helpful
Return to top