A lot of changes are going on at Microsoft and Google these days relating to account authentication and at 1CRM we are partnering with them to keep your email and other data secure. This article is to clarify these changes for you and to explain how they can affect your 1CRM system.
Quick Overview
A – Microsoft Email Users
Clients using Microsoft Office 365 personal email accounts can use app-specific passwords (see this link for how to make them) to access their email within 1CRM for the indefinite future. So those users have no urgent need to upgrade.
Microsoft 365 corporate email users will soon need to use Modern Authentication,. If you do not wish to upgrade immediately, you can request (see this link to learn how) an extension of Basic Authentication until January 1st 2023, but you still must upgrade to 1CRM 8.7.3 before then.
NOTE: If you are a new Microsoft customer, you may need to activate your SMTP protocol to start using emails on 1CRM. You can click this link to learn how.
B – Google Email Users
Clients using Google personal email accounts can use app-specific passwords (see this link for how to make them) to access their email within 1CRM for the indefinite future. So those users have no urgent need to upgrade.
Google Workspace corporate email users will need to use Modern Authentication by October 3rd, 2022. You must upgrade to 1CRM 8.7.3 before that date. (Note: Google seems to have slipped this date for now – no new date has been published.)
C – 1CRM Google Sync Users
The 1CRM ability to sync files, contacts and calendar data with Google will work until Jan 31st 2023. Clients who rely on this synchronization capability in 1CRM must upgrade before then.
Full Details
1CRM has a new release, version 8.7.3, which supports Modern Authentication and some of our clients may need to upgrade to this version quite soon to maintain email functionality within 1CRM. See the details below to decide if this applies to you and how urgent the need to update is for you. If you need support for Modern Authentication, you must upgrade to release 8.7.3 (or later) first, and then take the steps detailed below to configure for it.
If you are a client of the 1CRM Cloud service just let us know at support@1crm.com a time window on business days (and your time zone please!) when your system is not in use, when we can update your system for you. For example – any time outside 9AM to 5PM, in Eastern US time zone. And let us know which of the topics below affect you.
If you host your own 1CRM system on your own server, then ask us for the release notice for 1CRM 8.7.3. You will need to upgrade the PHP version on your server to at least PHP 7.4 (and we support up to PHP 8.1.10) during the process – but do not upgrade PHP until after you contact us for the release notes!
Note: If your Cloud or On Premise 1CRM has custom software added to it, or if you suspect it does, please get in touch at support@1crm.com to let us know, and we can plan your upgrade together. 1CRM will not be responsible for any loss of custom code features that we were not made aware of before system upgrade.
Personal Gmail Accounts
In order to send and receive email with your personal Gmail account in 1CRM, you need to create an app-specific password. To do so, open your browser and go to https://myaccount.google.com/apppasswords. At the bottom of the page click “Select App”, and choose “Other (Custom name)”. Type in a descriptive name for the password to help you identify it later, for example “Gmail Password for 1CRM”, and click “Generate”. A password is generated for you and displayed. There is a “Done” button – do not click it just yet, because if you do so, you will not be able to see the password.
Microsoft Office 365 Personal Email Accounts
In order to send and receive email with your personal Microsoft Office 365 email account in 1CRM you need to create an app-specific password. To do so, first you need to enable two-step verification. The process is described in details at this link. After 2-step verification has been turned on, go to https://account.live.com/proofs/Manage/additional and click “Create a new app password”. A password will be generated and displayed. Copy the password to the clipboard. (Once you close the page you will not be able to find that password and you will need to generate a new one – so be sure to copy this password and keep it somewhere safe.)
Gmail Corporate Accounts (Google Workspace)
Note: It is only possible to use email addresses belonging to one common Google Workspace organization.
You must be logged in to your 1CRM system as an administrator, and also logged in to Google as a Google Workspace administrator. Go to https://console.cloud.google.com/cloud-resource-manager. Click the “New Project” button. In the form that appears type in the project name, for example “1CRM Email” and select an organization.
Click “Create”. A notification appears at the upper top corner of the screen. Wait until the notification’s icon changes to a green check mark, then click “Select project”.
Click “Go to APIs overview”, then click “ENABLE APIS AND SERVICES”.
Type “Mail” into the search box and press Enter, then select “Gmail API”. Click “Enable”. A screen will be displayed saying “To use this API, you may need credentials. Click ‘CREATE CREDENTIALS’ to get started.”. Click the “CREATE CREDENTIALS” button, then select the “User data” option. Click “Next”, then click “Add or remove scopes”.
Click “Filter” then select “API” and “Gmail API”. Check “…/auth/gmail.send” and “https://mail.google.com/“.
Now Click “Update” then “Save and continue”. In the “Application Type” field select “Web Application”. Type in a name, for example “Gmail Client”. Under “Authorized redirect URIs” click “ADD URI” and enter the authentication URI for your 1CRM system. To construct the authentication URI, use the address of your 1CRM system, and add oauth_redirect.php. For example, if your 1CRM system is at mysite.1crmcloud.com, use https://mysite.1crmcloud.com/oauth_redirect.php. Now click the “CREATE” button and then click “DONE”.
Now you need to find the client ID and client secret for your application. To do so, select “Credentials” from the menu on the left, and then under “OAuth 2.0 Client IDs” select the client you created in the previous step. Client ID and client secret will be displayed. Now open your 1CRM system in a separate browser window or tab and go to Administration => System Settings. Scroll the page down to “OAuth2 Settings” and paste the Client ID and Client Secret into the “Client ID for Gmail” and “Client secret for Gmail” fields. Click “Save’.
Now when setting up SMTP or IMAP accounts in 1CRM you can select “Gmail OAuth” as the authentication type.
Using Google Services with Office 365
If your organization is using Microsoft Office 365 corporate email and/or synchronization with Google services such as Drive, Contacts and Calendar, by default no special setup is needed. The only thing you may need to do is to select an authorization server location. 1CRM Systems Corp. manages a number of servers used to obtain authentication tokens from Google and Microsoft. By default, the server located in Toronto, Canada is used. You may want to choose a different server to control the internet travel of these tokens by geographical region. To do so the 1CRM administrator should open the system settings, and select another server in the OAuth 2 Settings section.
Advanced Setup for Microsoft Office 365 Corporate Email and Google Services Synchronization
In some cases your organization’s security policy may require that authentication tokens are obtained directly by your 1CRM system without using the authorization server. In this case, you will need some additional setup.
Advanced setup for Google services synchronization
You must be logged in to your 1CRM system as an administrator, and also logged in to Google as a Google Workspace administrator. Go to https://console.cloud.google.com/cloud-resource-manager. Click the “New Project” button. In the form that appears type in the project name, for example “1CRM Google sync” and select an organization.
Click “Create”. A notification appears at the upper top corner of the screen. Wait until the notification’s icon changes to a green check mark then click “Select project”.
Click “Enable APIs and services” in the menu on the left then click the “ENABLE APIS AND SERVICES” button.
Type “Calendar” into the search box and press Enter, then select “Google Calendar API”. Click “Enable”. In a similar manner enable the Google Drive API and Contacts API.
Click “OAuth consent screen” in the menu on the left. Select “Internal” for user type and click “Create”. Fill in the app name, support email and optionally select a logo. Also provide an email in the Developer contact information section. Now click “Save and continue” then click “Add or remove scopes. Check “…/auth/contacts”, “…/auth/calendar.events” and “…/auth/drive” and then click “Update”.
Now click “Save and continue”.
Select “Credentials” from the menu on the left then click “CREATE CREDENTIALS” and select “OAuth client ID”. Choose “Web Application” for application type and fill in the client name, for example “Google sync client”. Under “Authorized redirect URIs” click “ADD URI” and enter the authentication URI for your 1CRM system. To construct the authentication URI, use the address of your 1CRM system, and add oauth_redirect.php. For example if your 1CRM system is at mysite.1crmcloud.com, use https://mysite.1crmcloud.com/oauth_redirect.php. Now click the “CREATE” button. Client ID and client secret will be presented to you. You will need them in the 1CRM configuration process.
Now open your 1CRM system in a separate browser window or tab and go to Administration => System Settings. Scroll the page down to “OAuth2 Settings” and click on “OAuth2 server location” field. Select the last option in the list, with the address of your 1CRM system. Fill in the “Client ID for Google services” and “Client Secret for Google services” fields using the values obtained in previous step. Click “Save’.
Note: Once you update to 1CRM release 8.7.3 or later and/or reconfigure for the new modern authentication methods for Google, you will need to re-authenticate with Google in 1CRM.
Setup for Microsoft Office 365 corporate email
Open https://portal.azure.com/. In the search box at the top, type “active directory”, then select “Azure Active Directory” from the list. Select “App registrations” then click “New registration”. Type in a name for your application, for example “1CRM Email” and select an option from “Supported account types” list. If unsure which option to select, click the “Help me choose…” button.
Under “Redirect URI” select “Web” as the platform and enter the authentication URI for your 1CRM system. To construct the authentication URI, use the address of your 1CRM system and add oauth_redirect.php. For example, if your 1CRM system is at mysite.1crmcloud.com use https://mysite.1crmcloud.com/oauth_redirect.php. Click “Register”.
On the next screen, click “Add a certificate or secret”. Type in a description and select an expiration time. Notice that after the secret expires you will need to create a new one and reconfigure 1CRM. Click “Add”. The new secret will appear in the secrets list. Do not close the page and do not navigate away from it – once you do so you will not be able to find the secret value!
Open your 1CRM system in a separate browser window or tab, and go to Administration => System Settings. Scroll the page down to “OAuth2 Settings”, and click on “OAuth2 server location” field. Select the last option in the list with the address of your 1CRM system. Switch to the browser tab with the Azure portal and copy the secret value.
Paste the secret value into the “Client Secret for Microsoft Office 365 email” field in 1CRM system settings.
Switch back to the Azure portal and select “Overview” from the menu on the left and copy the client ID.
Paste the copied client ID into “Client ID for Microsoft Office 365 email” field in 1CRM system settings. Click “Save’.
Now navigate to ‘My Account’ section, go to Email Options and press ‘Edit’
From there you should fill out the options as below and press ‘Obtain New Token’
After successfully fetching a new token, press ‘Save’ and scroll to the bottom of the page again to repeat the process for a new Monitored Mailbox (incoming emails), example settings shown below
Get Your 1CRM 30-Day Free Trial
Want to test drive 1CRM 8.6? Try it out for 30 days – on us!
With no credit card required, you can sign up and be online within minutes!
