Easily Delegate One Gmail Account to Another Indefinitely or Temporary

Introduction #

With GAT+ Google Workspace Super Admins and GAT+ Delegated Auditors can give users access to another user’s Gmail account indefinitely or temporarily.

By default Admins could delegate for any number of hours and GAT+ would automatically remove the delegation when the time set is up.

What is a Gmail delegate?  #

A Gmail user can grant mailbox access to another user in the same Google Workspace organization. More info can be found here 

Reasons for delegating access to users Gmail #

  • To audit/remediate an incident
  • Email delegation is a better way to gain access rather than resetting the user’s password to gain access
  • If a user has forgotten to set up their auto-reply when they are on leave or on holidays
  • To create or modify a user’s email signature

Note: Please ensure email delegation is allowed for users in your domain.

Google workspace – Enable Mail delegation #

Go to the Google Admin Console 

Select ‘Apps’ > ‘Google Workspace ’ > ‘Gmail’ > ‘User Settings’ > Mail Delegation box is ticked off and allowed for your domain.

 

Set e-mail delegation #

Navigate to GAT+ → Users → Email info

Apply filter and search for the User whose Gmail account will be delegated to someone else.

Click on the “arrow” under Actions and select Add e-mail delegation

A pop-up window will be displayed

Request e-mail delegation 

  • Delegate – enter the Email of the delegate
  • To fully access the mailbox – of the selected user
  • Valid time (hours) – enter the hours for how long the email delegation to be active
    • Set to 0 (zero) if it has to be valid indefinitely. Otherwise, access will be revoked after a set number of hours.
  • Send request – click to send the request for approval

Approval Needed #

All listed security officers will receive an email notification for approval. But only one has to approve. 

 

Result #

When the request is Approved. The Email Delegation will be set up.

The delegated account will appear in the chosen account, drop-down list in the user’s own Gmail account.

This can take several minutes and may require refreshing the Gmail page.

Selecting the ‘Delegated’ account will open a new tab in your Chrome browser with the new account.

Note: If the delegated user reads any unopened email in the audited account, this email will be marked as ‘read’.

Note: When an email is sent from the ‘Delegated’ account – Gmail will place a message from what user the email was sent from.

Troubleshooting a delegation error #

A delegate you added can’t access the assigned account

If a delegate can’t access an assigned account and gets an error instead, check if the delegated account is set to “Require user to change password at next sign-in.”

 

This website uses cookies to ensure you get the best experience on our website