Skip to main content

Search

How to Set Up a Gmail Canarytoken

Description: Create tokened mails in gmail/gsuite mailboxes across your org.

Note: Once the Gmail tokening is complete, please remember to remove the “Client ID” and “Client Scopes” entries from your G Suite OAuth client’s dashboard found at:

https://admin.google.com/

From the Admin console Home page, go to Menu ic_menu_grey600_18dp.svgic_keyboard_arrow_right_grey600_18dp.svgSecurityic_keyboard_arrow_right_grey600_18dp.svgAPI controls.

Under App access control, select MANAGE THIRD-PARTY APP ACCESS.

Follow the steps below to Tokenise a Google mailbox.

Step 1:

Log in to your Console.

Step 2:

Click Add a new Canarytoken.

Step 3:

Create a new Gmail Canarytoken from the drop down list.

Step 4:

Click on Let's begin (1 of 4).

Step 5:

Modify the Token's options and paragraph text if you'd like and click on Save Template (2 of 4).

 

  1. Mail From: is the email address of who the message is from.
  2. Mail Subject: this can be changed to whatever you want the subject of the mail to be.
  3. Mail Content: you can change the content of this mail, we have given you a template to work from.
  4. Click on Save Template (2 of 4) when done.

Step 6:

Login to your G Suite admin console here.

Step 7:

In the G Suite admin console, click on Security > Access and data control > API controls.

Or click the link here.

Step 8:

Click on MANAGE THIRD-PARTY APP ACCESS.

Step 9:

Click on Add app > Oath App Name Or Client ID

Step 10:

Enter your Client ID and hit SEARCH.

Then Select the "Thinkst Gsuite Tokener"

Step 11:

Select the Client ID again and hit SELECT.

Step 12:

Select your prefered organisation scope then select CONTINUE.

Step 13:

Select Trusted then select CONTINUE.

Review your configuration and select FINISH when done.

Step 14:

Head back to API controls, and select MANAGE DOMAIN WIDE DELEGATION.

Add a new API Client, by selecting Add new, then enter your following details:

Client ID: ABC123

First OAuth Scope: https://www.googleapis.com/auth/admin.directory.user.readonly

Second OAuth Scope: https://www.googleapis.com/auth/gmail.modify

Finally click AUTHORIZE when complete.

Step 15:

Back on your Canary Console, select All set! (3 of 4).

Select Search Gmail for users, then enter your Google Admin email address; finally select Search.

You'll be presented with a list of users to Token, which can be selected. When ready, select Insert Tokened Email (4 of 4) to start the Tokening process.

Alternatively, larger organisations can provide a comma-separated email list and then click on Insert Tokened Email (4 of 4).

Once the Gmail tokening is complete, the Canary API client can be revoked from the DOMAIN WIDE DELEGATION UI.

You're done! ;-)

Was this article helpful?
5 out of 6 found this helpful
Return to top