cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Scanning trouble coming: Google gmail to require Oauth for all connections 9/1/2024

Screefchap
Contributor

If you have a Canon MF-series or a scanner that you use to directly scan-to-email to a Gmail account, there are big and unpleasant changes coming.

To wit, the following arrived from Google today:

 

Dear Administrator,
We’re writing to let you know that as we previously shared in this blog post , we’ll be turning off access to less secure apps (LSA) — non-Google apps that can access Google accounts with only a username and password (basic authentication) — starting June 15, 2024
.
What do you need to know?
Access through basic authentication makes accounts more vulnerable to hijacking attempts. Moving forward, only apps that support a more modern and secure access method called OAuth will be able to access Google Workspace accounts.


Access to LSAs will be turned off in two stages:

1. Beginning June 15, 2024 - The LSA settings will be removed from the Admin console and can no longer be changed. Enabled users can connect after that time, but disabled users will no longer be able to access LSAs. This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV,CardDAV, IMAP, SMTP, and POP. The IMAP enable/disable settings will be removed from users’ Gmail settings.
If you’ve been using LSAs prior to this date, you can continue using them until September 30, 2024.

2. Beginning September 30, 2024 - Access to LSAs will be turned off for all Google Workspace accounts. CalDAV, CardDAV, IMAP, and POP will no longer work when signing in with just a password — you will need to
login with a more secure type of access called OAuth

So the upshot is that unless Canon updates their firmware, that these devices will no longer be usable to directly scan-to-email to a Gmail account.

In my particular case, I have a:

imageCLASS MF426dw
Version Information:
Main Controller:12.01
Boot ROM:01.20
DCON:01.07
Language:01.18


...which does not (currently :-o) support Oauth.

What to do?

 

 

9 REPLIES 9

Jamieflowers
Apprentice

Bump??? Any movement on this? Scan to email is the most used function on our copier. HELP 

I’ve called Canon support and even spoken with the “Scan to email” team. There doesn’t appear to be any urgency about getting on this. This is concerning because it will take some design and development work to implement OAuth, so if they choose to let this break, it’ll take a month at least to release a fix. 

Kind of off-brand for Canon, who’ll usually have excellent service. 

The work around (for some) will be to route the mail through an SMTP server (such as one from your ISP)…

shadowsports
Legend
Legend

Greetings,

App Passwords will still be supported.  

Transition from less secure apps to OAuth - Google Workspace Admin Help

Scanners & other devices

For scanners or other devices using SMTP or less secure apps to send emails, use one of the following options:

  • Configure the device to use OAuth. 
  • Use an alternative way to scan or send an email from the device.    
  • Configure an app password for use with the device.  

I am already using this without issue.  I've had my Gmail account since 1994.  Less Secure Apps was removed from my personal accounts security settings years ago.  😉

Its not going to be any different for Google Workspace.  This is a good decision.  

See my reply here which should help:

Re: ImageCLASS MF753cdw Remote UI Missing Network ... - Canon Community

At some point, OAuth might be implemented, but this takes the heat off from a Gmail / Google Workspace / M365 standpoint. 😀

~Rick
Bay Area - CA


~R5 C (1.0.7.1) ~RF Trinity, ~RF 100 Macro, ~RF 100~400, ~RF 100~500, ~RF 200-800 +RF 1.4x TC, BG-R10, 430EX III-RT ~DxO PhotoLab Elite ~DaVinci Resolve ~ImageClass MF644Cdw/MF656Cdw ~Pixel 8 ~CarePaks Are Worth It

Thanks Rick.  I’ll configure an app password, and report back here. Likely next week, as I’m out of town at present. 

That’s not true, they are discontinuing support for app passwords in September. Canon needs to do something about this, otherwise it’s an expensive printer 

The press release is poorly worded. The fact that app passwords are working for Rick does not imply that they will necessarily continue to work. That said, others have spotted this issue too, and Google has replied in a manner consistent with what Rick has stated:

 

https://www.googlecloudcommunity.com/gc/Workspace-Q-A/Will-App-Passwords-work-for-IMAP-after-Sept-30... 

shadowsports
Legend
Legend

Greetings,

Its works perfectly.  I had no issues at all 👍

~Rick
Bay Area - CA


~R5 C (1.0.7.1) ~RF Trinity, ~RF 100 Macro, ~RF 100~400, ~RF 100~500, ~RF 200-800 +RF 1.4x TC, BG-R10, 430EX III-RT ~DxO PhotoLab Elite ~DaVinci Resolve ~ImageClass MF644Cdw/MF656Cdw ~Pixel 8 ~CarePaks Are Worth It

I can confirm that the solution that Rick kindly shared above does work, and even though the final confirmation will be on October 1, 2024 (the day after Google will disable LSAs), I'm fairly certain that this will (continue) to work...

For those using a Google domain, and within that domain, using a dedicated account to send scan emails, this can be implemented as follows:

1a. In an account that can manage the domain: Manage this organization > Security > Authentication > 2-step verification;

1b. Click the "Allow users to turn on 2-Step Verification" to enable it.  Note that this is the minimum necessary and sufficient requirement -- 2-factor does not need to be enforced for all users.

2a. In the account that sends scan emails: Manage your Google Account > Security > 2-Step Verification;

2b. Turn on 2-Step Verification, and add a method (e.g. authenticator, mobile number, etc).  Once this step is taken, scanning to email will immediately break until the rest of the steps are taken;

2c. Scroll to the bottom of the 2-Step Verification page, and click on "App passwords";

2d. Enter an app name (I used "MF426dw Scanner"), and click "Create";

2e. This will produce a 16-character password, which can then be entered as the password on the Canon device, and done.  Note that what is presented is actually 19 characters (because there are 4 blocks of 4 characters with a space between each), and using all 19 characters (i.e. including the spaces) will work.  Also note that the app password needs to be saved -- even if only in your OS cut buffer -- because there's no way to see it again.  If it's lost, a new one will need to be created.

3. Reboot the Canon device, and test scan to email.

Cheers!

shadowsports
Legend
Legend

Greetings,

You are correct Sir. Thanks for confirming.  

~Rick
Bay Area - CA


~R5 C (1.0.7.1) ~RF Trinity, ~RF 100 Macro, ~RF 100~400, ~RF 100~500, ~RF 200-800 +RF 1.4x TC, BG-R10, 430EX III-RT ~DxO PhotoLab Elite ~DaVinci Resolve ~ImageClass MF644Cdw/MF656Cdw ~Pixel 8 ~CarePaks Are Worth It

Announcements