Introduction #
With GAT+ Google Workspace Super Admins and GAT+ Delegated Auditors can give users access to another user’s Gmail account indefinitely or temporarily.
By default Admins could delegate for any number of hours and GAT+ would automatically remove the delegation when the time set is up.
What is a Gmail delegate? #
A Gmail user can grant mailbox access to another user in the same Google Workspace organization. More info can be found here
Note: Please ensure email delegation is allowed for users in your domain.
Google workspace – Enable Mail delegation #
Go to the Google Admin Console
Select ‘Apps’ > ‘Google Workspace ’ > ‘Gmail’ > ‘User Settings’ > Mail Delegation box is ticked off and allowed for your domain.
Set Email delegation #
Navigate to GAT+ → Users → Email info
- Apply Filter and Locate User:
- Use the filter options to find the user whose Gmail account will be delegated.
- Once located, click on the “arrow” under Actions.
- Initiate Email Delegation:
- From the Actions menu, select “Add e-mail delegation.”
- Pop-up Window Display:
- A pop-up window will appear.
- Request Email Delegation:
- Complete the following fields in the pop-up window:
- Delegate: Enter the email address of the person who will receive delegation.
- To Fully Access the Mailbox: Choose the user whose mailbox will be accessed.
- Valid Time (hours): Specify the duration for which the email delegation will be active.
- Set to 0 (zero) for indefinite access; otherwise, access will be revoked automatically after the set number of hours.
- Click “Send Request” to submit the delegation request for approval.
Approval Needed #
All listed security officers will receive an email notification for approval. But only one has to approve.
Result of the delegation #
Approval Confirmation:
- Once your request is approved, the Email Delegation setup will be initiated.
- The delegated account will now appear in the chosen account drop-down list within the user’s Gmail account.
- Note that this setup may take a few minutes to complete.
- Refresh Gmail Page if Needed:
- If the delegated account doesn’t appear immediately, try refreshing your Gmail page.
- Note: If the “Valid hours” is selected the delegation will be removed automaitcally after the X hours chosen
Accessing Delegated Account:
- Choose the ‘Delegated’ account from the drop-down list to open a new tab in your Chrome browser.
Important Notes:
- If the delegated user reads any unopened email in the audited account, the email will be marked as ‘read’.
- When an email is sent from the ‘Delegated’ account, Gmail will clearly indicate the sender’s information.
Troubleshooting Delegation Errors:
Issue: Delegate Can’t Access Assigned Account – A delegate encounters difficulty accessing an assigned account and receives an error:
Solution: Check if the delegated account is set to “Require user to change password at next sign-in.”
Issue: GAT says the request is processed, but the user still doesn’t see the delegation available to access the account in gmail.
Solution: if the user has already made the email delegation request from the gmail application, ask them to cancel the request, and try setting email delegation with GAT again. When the user has already made the request, the API will overlook the email delegation request, and not process it. Cancelling the original request in gmail resolves this.
Conclusion: This concludes the email delegation process. By following these steps, you can seamlessly manage delegated accounts and troubleshoot common issues. If further assistance is needed, please refer to our support address at support@gatlabs.com