Skip to main content

Enable group email fan-out in Google Workspace

  • Updated

See our main article, Configure Email Integration for Google Workspace, for complete setup instructions. This article is focused on enabling EchoMark to send individual messages to each recipient when the email address on the to, cc, or bcc line is for a Workspace group (a.k.a distribution list).

 

Background

Google's Groups use a shared inbox, meaning that a mail sent to a group address will result in only a single mail stored in a shared inbox where Group members have access to read it. Whereas mail sent to multiple address on a to/cc/bcc-line result in a different copy of the email being sent and then stored in each individual recipient's inbox.

EchoMark works by personalizing copies of email for each recipient. So in order to function properly with a Google Group on the to-line (IE send a unique copy to each recipient), EchoMark needs access to your organization's Group memberships so that it can send unique personalized mail to each recipient of a Group rather than a single email to a shared inbox.

The instructions below will enable EchoMark to access your Group memberships in order to properly expand and mark mail with a Group on the to-line.

 

Important
Fanning out large group messages can create a higher-than-normal volume of email for you organization, which in turn can trigger Google's SMTP sending limits. Contact your TAM to ensure that you have the appropriate SMTP organizational daily limit.

 

1. Create a Project in Google Cloud

  1. Open the Service Accounts page in your Google Admin Console.
  2. Click Create project.
  3. Give the project a name, like EchoMark Integration
  4. Click Create.

2. Enable Admin APIs for the project

EchoMark uses the Admin API to view Group membership within your org.

  1. Navigate to the APIs & Services page in your Google Admin Console.
  2. Click Enable APIs and Services.
  3. In the API library that appears, search for Admin, and then select Admin SDK API.
  4. Within that page, click Enable.
  5. Then back in API Library, search for Group Settings, and then select Group Settings API.
  6. Within that page, also click Enable.

3. Create a service account

A service account will allow EchoMark to access Group membership information in your Workspace.

  1. Open the Service Accounts page in your Google Admin Console.
  2. Make sure the project you just created above is selected.
  3. Click Create a Service Account.
  4. Under Service account name, enter EchoMark Sender.
  5. Press Done.
  6. Take note of your OAuth 2 Client ID for later.

4. Create a service account key

This public/private key pair will be generated and downloaded to your computer. It serves as the only copy of the private key.

  1. Click the email address of the service account that you created.
  2. Click the Keys tab.
  3. In the Add key drop-down list, select Create new key.
  4. Ensure that Key type is JSON and Click Create.
  5. Take note of the location of this downloaded key for later.

 

5. Delegate domain-wide authority to the service account

The EchoMark service account needs domain-wide authority in order to access APIs for Groups.

  1. From your Workspace's Admin console, navigate to Main menu > Security > Access and data control > API Controls.
  2. In the Domain wide delegation pane, select Manage Domain Wide Delegation.
  3. Click Add new.
  4. In the ClientID field, enter the service account's Client ID from Service Account you created above. You can find this on the Service Accounts page.
  5. In the OAuth scopes (comma-delimited) field, enter 
    https://www.googleapis.com/auth/admin.directory.group.member.readonly, https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/apps.groups.settings, https://www.googleapis.com/auth/admin.directory.user.readonly
  6. Click Authorize.

 

6. Share info with EchoMark

EchoMark needs two pieces of information to complete your setup:

  • The service account key you created above.
  • The email address of a Workspace super-admin that EchoMark can use to query group membership. We do not need credentials for this address, but it should be a live and active account. In order to ensure that EchoMark continues to function in the case of employee turnover, we recommend that you create and authorize a unique super-admin user (e.g. "EchoMark Bot"), but we can use any super-admin email address in your organization.

Please share these with us using a secure file share system.

 

7. Continue setup

Return to the main setup article and continue to the next step: Configure Email Integration for Google Workspace

Related articles

Can't find what you're looking for?

Contact us