Provisioning Gmail

This section describes how to provision Gmail. "Provisioning" means both creating a service account and the process by which Cloud App Security is granted the ability to access your Gmail environment.

Cloud App Security provisions the service account for Gmail through the OAuth 2.0 flow.


Cloud App Security allows only administrators assigned to the default Global administrator role to provision service accounts. For details about Cloud App Security role-based access control, see Administrator and Role.

Cloud App Security supports two protection modes for Gmail. For details, see Protection Modes for Email Services. Each mode requires separate service account provisioning.

Protection Mode


API-based Protection

See Provisioning a Gmail Service Account.

Inline Protection

See Provisioning a Service Account for Gmail (Inline Mode).


Currently, Inline Protection only protects inbound messages for Gmail.

You can choose to provision for both or either of the protection types for your Gmail service based on your requirements.