Support Forums
email alarm notification with gmail accounts

Does VTScada's built in e-mail client meet the security requirements Google describe

Many of our customers are using gmail to send alarm notifications. We've upgraded some of them to VTScada and are not sure what will happen when google disable access to what they refer to as "less secure apps".

Does VTScada's built in e-mail client meet the security requirements Google describe - here ---> [https://support.google.com/accounts/answer/6010255#more-secure-apps-how](https://support.google.com/accounts/answer/6010255#more-secure-apps-how) - and here ---> [https://support.google.com/accounts/answer/3466521](https://support.google.com/accounts/answer/3466521) Many of our customers are using gmail to send alarm notifications. We've upgraded some of them to VTScada and are not sure what will happen when google disable access to what they refer to as "less secure apps".

Are you getting calls from other customers about this today? One of the sites I was worried about stopped sending e-mail alarm notifications last night & the problems seem to be on gmails end.

Are you getting calls from other customers about this today? One of the sites I was worried about stopped sending e-mail alarm notifications last night & the problems seem to be on gmails end.

I'm not sure of the call volume today but do expect this will affect several users who may not have caught the official announcement.

Here is the official response from Trihedral:

Google and Microsoft Change Third-party Access Process
Many VTScada customers rely on Google or Microsoft’s email servers to send alarm notifications to operators. This year (2022) both providers will change how third-party applications such as VTScada can access their systems. Authentication by username and password over POP3 and SMTP will no longer be allowed and instead, access via OAuth 2.0 will be required.

This only affects customers using Google or Microsoft email servers For Alarm Notifications. If your site maintains its own email server or if you are using a different provider, this change does not affect you.

Trihedral recommends OAuth 2.0, as will be required by both Google and Microsoft. Changing from basic authentication to this new system will involve effort, but in today’s security environment it is simply not safe to continue using basic authentication.

  1. You can try using an App Password. These are vender-generated passwords that can be used only with a specific app or device. After generating the App Password, use that as the password when configuring outgoing and incoming email accounts in VTScada. While the instructions state that it need be used only once, you are advised to leave the App Password configured.
  2. Instructions to generate an App Password for Google are available here . Instructions to generate an App Password for Microsoft are available here. Venders note that this option is less secure than OAuth 2.0, therefore use at your own risk.
  3. There are other Internet-based email providers who do continue to provide basic authentication over POP3 and SMTP. While Trihedral cannot recommend these, we acknowledge that they are an option, especially for smaller sites that might find it challenging to implement an OAuth 2.0 solution.

To Implement OAuth 2.0
Before configuring VTScada to send and receive email using your OAuth 2.0 credentials you will need to do the following:

  1. Obtain an account with either Google or Microsoft Azure that allows OAuth 2.0 configuration, to be used by your VTScada server. Refer to the Google or the Microsoft documentation for specifics of how to create such an account. Both companies provide a variety of options, and we cannot provide guidance beyond noting the importance of ensuring that the account must allow for OAuth 2.0 configuration.
  2. Protect access to your VTScada server with an X.509 certificate. (Or as it is more commonly known, an SSL Certificate.) This is an absolute requirement for OAuth 2.0. Reference notes and instructions are provided in the VTScada documentation here .

With those in place, you can proceed with OAuth 2.0 configuration for your VTScada email notifications. Reference notes, instructions and examples are provided in the VTScada documentation here.

I'm not sure of the call volume today but do expect this will affect several users who may not have caught the official announcement. Here is the official response from Trihedral: **Google and Microsoft Change Third-party Access Process** Many VTScada customers rely on Google or Microsoft’s email servers to send alarm notifications to operators. This year (2022) both providers will change how third-party applications such as VTScada can access their systems. Authentication by username and password over POP3 and SMTP will no longer be allowed and instead, access via OAuth 2.0 will be required. **This only affects customers using Google or Microsoft email servers For Alarm Notifications.** If your site maintains its own email server or if you are using a different provider, this change does not affect you. Trihedral recommends OAuth 2.0, as will be required by both Google and Microsoft. Changing from basic authentication to this new system will involve effort, but in today’s security environment it is simply not safe to continue using basic authentication. 1. You can try using an App Password. These are vender-generated passwords that can be used only with a specific app or device. After generating the App Password, use that as the password when configuring outgoing and incoming email accounts in VTScada. While the instructions state that it need be used only once, you are advised to leave the App Password configured. 2. Instructions to generate an App Password for Google are available [here](https://support.google.com/accounts/answer/185833) . Instructions to generate an App Password for Microsoft are available [here](https://support.microsoft.com/en-us/account-billing/using-app-passwords-with-apps-that-don-t-support-two-step-verification-5896ed9b-4263-e681-128a-a6f2979a7944#:~:text=1%20Go%20to%20the%20Security%20basics%20page%20and,your%20normal%20Microsoft%20account%20password%20in%20the%20application). **Venders note that this option is less secure than OAuth 2.0, therefore use at your own risk.** 3. There are other Internet-based email providers who do continue to provide basic authentication over POP3 and SMTP. While Trihedral cannot recommend these, we acknowledge that they are an option, especially for smaller sites that might find it challenging to implement an OAuth 2.0 solution. **To Implement OAuth 2.0** Before configuring VTScada to send and receive email using your OAuth 2.0 credentials you will need to do the following: 1. Obtain an account with either Google or Microsoft Azure that allows OAuth 2.0 configuration, to be used by your VTScada server. Refer to the Google or the Microsoft documentation for specifics of how to create such an account. Both companies provide a variety of options, and we cannot provide guidance beyond noting the importance of ensuring that the account must allow for OAuth 2.0 configuration. 2. Protect access to your VTScada server with an X.509 certificate. (Or as it is more commonly known, an SSL Certificate.) This is an absolute requirement for OAuth 2.0. Reference notes and instructions are provided in the VTScada documentation [here](https://www.vtscada.com/help/Content/D_Customize/Dev_SSLCerts.htm) . With those in place, you can proceed with OAuth 2.0 configuration for your VTScada email notifications. Reference notes, instructions and examples are provided in the VTScada documentation here.

Trihedral Engineering Ltd.

Thanks you Dave for that & to the Trihedral folks who put that official response together. It had all the info I needed & our VTScada customer's getting e-mails again.

Thanks you Dave for that & to the Trihedral folks who put that official response together. It had all the info I needed & our VTScada customer's getting e-mails again.
98
5
3
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft