## Gmail integration

Integrating Gmail with Frontegg allows your application to read, send, and manage email messages, threads, labels, and drafts in users' Gmail mailboxes — all through Frontegg's integration layer using Google OAuth 2.0.

Prerequisites
- A Google account with access to [Google Cloud Console](https://console.cloud.google.com/)
- A Google Cloud project (you can create one during setup)


### Enable the Gmail API

#### Step 1: Open the Gmail API in the API library

Go to the [Gmail API](https://console.cloud.google.com/apis/library/gmail.googleapis.com) page in the Google Cloud Console. Select your project from the top navigation, then click **Enable** if the API is not yet enabled. If you see **Manage** and **API Enabled**, the API is already active.

![Gmail API page in Google Cloud Console](/assets/gmail-1.0c233b105ca4ae251b7eaf5f02080ca62cd4f9fc530c248436a2e676f8451cb6.1ce25488.png)

### Create an OAuth client

#### Step 2: Go to the Credentials page

In the left sidebar, navigate to **APIs & Services** → **Credentials**. Click **Create credentials**.

![Credentials page with Create credentials button highlighted](/assets/gmail-2.494add4d3662f0393fba52c305cc8aefc0a6566b9b716f8ffbf0ba38ded38ef6.1ce25488.png)

#### Step 3: Select OAuth client ID

From the dropdown, select **OAuth client ID**.

![Create credentials dropdown with OAuth client ID highlighted](/assets/gmail-3.e7731f75c94ed10ca67d3187983fbb9ae61ffbad1bbb57c21165c682a29e4924.1ce25488.png)

#### Step 4: Configure the OAuth client

On the **Create OAuth client ID** page:

1. Set **Application type** to **Web application**.
2. Enter a name for the client (for example, `Frontegg Gmail Integration`).
3. Under **Authorized redirect URIs**, click **Add URI** and add both of the following:
  - `https://YOUR_MCP_GATEWAY_URL/integration-callback`


![OAuth client form with name and redirect URIs filled in](/assets/gmail-4.a079ea4a556bbfb40c74e2bb46856e40026d746fd555d1a971ce5ded0d3ab440.1ce25488.png)

#### Step 5: Create the client

Click **Create** to save the OAuth client. A dialog will display your **Client ID** and **Client Secret** — copy both values and store them securely.

Save your Client Secret now
The Client Secret is only shown once in this dialog. After you close it, you cannot retrieve it again — you can only create a new secret.

![OAuth client created dialog showing Client ID and blurred Client Secret](/assets/gmail-5.527c2f734260c842d4385cd27afec6969629e174a82d9a14e1005596e1a07401.1ce25488.png)

### Copy your credentials

#### Step 6: Copy the Client ID from the credentials list

After closing the dialog, your new client appears in the **OAuth 2.0 Client IDs** list on the Credentials page.

![Credentials page showing the new Frontegg Gmail Integration client](/assets/gmail-6.3a77ea92174df6e043358d6cacc59fd2850b603d3a823fb333dadaad29048c15.1ce25488.png)

#### Step 7: View Client ID in the client detail page

Click the client name to open its detail page. You can view and copy the **Client ID** at any time from the **Additional information** section.

![OAuth client detail page showing Client ID](/assets/gmail-7.23a2d40fb5854e855e9aed7d592177837d3aec5f93c77f3e3217e8248091c59a.1ce25488.png)

### Configure the Frontegg portal

Once you have your **Client ID** and **Client Secret**, enter them in the Frontegg portal:

1. Open the **Frontegg portal** and navigate to [ENVIRONMENT] → Integrations → Gmail.
2. Enter the **Client ID** and **Client Secret** in the corresponding fields.
3. Select the required **scopes**:


| Scope | Description |
|  --- | --- |
| `https://www.googleapis.com/auth/gmail.modify` | Read, compose, send, and permanently delete threads and messages |
| `https://www.googleapis.com/auth/gmail.readonly` | Read all resources and their metadata |
| `https://www.googleapis.com/auth/gmail.compose` | Create, read, update, and delete drafts; send messages |
| `https://www.googleapis.com/auth/gmail.send` | Send messages only |
| `https://www.googleapis.com/auth/gmail.insert` | Insert and import messages |
| `https://www.googleapis.com/auth/gmail.labels` | Create, read, update, and delete labels |
| `https://mail.google.com/` | Full access to the account's mailboxes |
| `https://www.googleapis.com/auth/gmail.settings.basic` | Manage basic mail settings |
| `https://www.googleapis.com/auth/gmail.settings.sharing` | Manage sensitive mail settings including forwarding rules and aliases |
| `https://www.googleapis.com/auth/gmail.metadata` | View email metadata such as labels and headers, but not the email body |


1. Click **Save**.


Keep your credentials secure
Never share or commit your Client Secret to version control.

### Additional resources

- [Gmail API documentation](https://developers.google.com/gmail/api/reference/rest)
- [Google Cloud Console](https://console.cloud.google.com/)
- [Setting up OAuth 2.0](https://developers.google.com/identity/protocols/oauth2/)
- [How to get your Redirect URL](/agen-for-work/connectors/redirect-url)