Introduction #
With GAT+ Google Workspace Super Admins and GAT+ Delegated Auditors can give users access to another user’s Gmail account indefinitely or temporarily.
By default Admins could delegate for any number of hours and GAT+ would automatically remove the delegation when the time set is up.
What is a Gmail delegate? #
A Gmail user can grant mailbox access to another user in the same Google Workspace organization. More info can be found here
Reasons for delegating access to users Gmail #
- To audit/remediate an incident
- Email delegation is a better way to gain access rather than resetting the user’s password to gain access
- If a user has forgotten to set up their auto-reply when they are on leave or on holidays
- To create or modify a user’s email signature
Note: Please ensure email delegation is allowed for users in your domain.
Google workspace – Enable Mail delegation #
Go to the Google Admin Console
Select ‘Apps’ > ‘Google Workspace ’ > ‘Gmail’ > ‘User Settings’ > Mail Delegation box is ticked off and allowed for your domain.

Set e-mail delegation #
Navigate to GAT+ → Users → Email info
Apply filter and search for the User whose Gmail account will be delegated to someone else.
Click on the “arrow” under Actions and select Add e-mail delegation
A pop-up window will be displayed
Request e-mail delegation
- Delegate – enter the Email of the delegate
- To fully access the mailbox – of the selected user
- Valid time (hours) – enter the hours for how long the email delegation to be active
- Set to 0 (zero) if it has to be valid indefinitely. Otherwise, access will be revoked after a set number of hours.
- Send request – click to send the request for approval
Approval Needed #
All listed security officers will receive an email notification for approval. But only one has to approve.
Result #
When the request is Approved. The Email Delegation will be set up.
The delegated account will appear in the chosen account, drop-down list in the user’s own Gmail account.
This can take several minutes and may require refreshing the Gmail page.
Selecting the ‘Delegated’ account will open a new tab in your Chrome browser with the new account.
Note: If the delegated user reads any unopened email in the audited account, this email will be marked as ‘read’.
Note: When an email is sent from the ‘Delegated’ account – Gmail will place a message from what user the email was sent from.
Troubleshooting a delegation error #
A delegate you added can’t access the assigned account
If a delegate can’t access an assigned account and gets an error instead, check if the delegated account is set to “Require user to change password at next sign-in.”