In order to delegate authentication to Google, your Google account has to allow access to what Google defines as less secure apps. Foxpass is considered by Google to be one of those apps because it connects with Google's IMAP protocol during password delegation. Google considers any app that accesses uses IMAP protocol to be less secure because it may store your password. However, Foxpass simply passes your Google password straight to Google and never saves it, so the security risk is mitigated. You can read more about the 'less secure apps' setting here.
Additionally, 2-Factor Authentication must be turned off for delegated authentication to work. If a user requires 2-Factor Authentication to be turned on or otherwise should not have their authentication delegated to Google Apps, they can be added to your 'Delegated Exempt List' on Foxpass.
Note for Google LDAP Customers
If your Google account has access to the Google LDAP interface, you should use that method of delegated authentication. That requires no extra permissions for Foxpass and allows you to keep 2-Factor Authentication enabled.
If Google Apps is configured to allow individual users to choose their security level, users can then set their level of access here.
In order to enable less secure apps, have a Google Apps admin follow these steps:
- Go to https://admin.google.com/ and click on "Security"
- Click on "Basic settings"
- Click on "Go to settings for less secure apps >>"
- Select "Enforce access to less secure apps for all users"
Updated almost 2 years ago