Upcoming changes to the Gmail connector

(Edit: A typo on the redirect URI is fixed.)

Starting May 1, 2020 we’ll be rolling out changes that will potentially impact your flows that use the Gmail connector due to policy changes by Google. In line with Google’s data security and privacy policies, customers using a Gmail consumer account (email addresses ending with @gmail.com or @googlemail.com) will have certain limitations on the set of connectors that can be used along with the Gmail connector in a flow.

If you are using a G-Suite business account (email addresses with a custom domain), your flows will not be impacted, and there is no restriction on the use of the Gmail connector.

Under this policy, the Gmail connector, when used with a Gmail consumer account, can only be used with a limited set of Google-approved services. We will continue to work with Google to add more services to this list. For now, the set of Google-approved connectors that can be used with the Gmail connector in the same flow include:

    • Built-in actions and triggers: Control, AI Builder, Data operations, Date Time, Number Functions, Power Virtual Agents, Power Apps, Request, Schedule, Text Functions, Variables, Flow button, Location, Content Conversion Service
    • Google services: Gmail, Google Calendar, Google Contacts, Google Drive, Google Sheets, Google Tasks
    • Approved Microsoft Services: OneDrive, SharePoint Online, Excel Online, Dynamics 365, Microsoft Teams, Office 365, Planner, Outlook, OneNote, Word Online
    • Customer managed data sources: FTP, SFTP, SQL Server, HTTP, SMTP, RSS

NOTE: This list is subject to change. Going forth, we’ll post the complete and and up-to-date info in our documentation.

If you have an existing flow that will be impacted by the changes, we will also notify you via email to let you know of the impacted flows.  Starting June 9, 2020, any flow that is not compliant will be disabled. You will need to ensure that you use only one of the approved connectors in your flow before you can enable your flow again.

What can you do if your flow is impacted?

You may need to use the Gmail connector with a Gmail consumer account in a flow with some of the non-approved connectors.  In this case, we have rolled out an option to use your own Google application for personal or internal use in your enterprise.

To enable that, you will need to:

  • Create an OAuth client application using Google’s API Console
  • Use the settings of your client application in the Gmail connector

For details on the steps, you can read the instructions here in the Gmail connector reference documentation.  Briefly, you can use Google’s setup tool and follow the steps to create an OAuth Client application.  Here’s some useful information—

  • Add the Gmail scope (https://mail.google.com)
  • Add “azure-apim.net” as one of the authorized domain
  • Use “https://global.consent.azure-apim.net/redirect” for Redirect URI

The finished screen will look like below:

To use the app in your Gmail action or trigger, select “…” > + Add new connection to create a new connection. Select “Bring your own application” as the Authentication Type and specify the value of “Client ID” and “Client secret” from your Google app.

When you click on “Sign in”, you will see that the login screen reflects the app you created.  In case you are using a Gmail consumer account, you may see a screen that the App is not verified by Google.

Now you should be able to use the Gmail connector in your flows without restrictions.