Gmail / Google Workspace

Use this guide for a personal @gmail.com address or a Google Workspace account at your own domain. There are two paths:

• App Password (recommended for most users) — simpler; works for personal accounts and most Workspace accounts.
• OAuth 2.0 via Google Cloud — more setup; appropriate when your Workspace administrator has disabled App Passwords or you need finer-grained scoping.

The App Password path is documented here in full. OAuth 2.0 is summarized at the bottom for advanced users.

Path A — App Password (Recommended)

1. Turn on 2-Step Verification

App Passwords only exist on accounts that have 2-Step Verification enabled.

1. Sign in at myaccount.google.com.
2. Open Security in the left navigation.
3. Find 2-Step Verification and turn it on if it isn’t already. Follow Google’s prompts (phone number, authenticator app, security key — your choice).

2. Generate an App Password

1. With 2FA on, go to myaccount.google.com/apppasswords.
2. Type a name for the app password — Xenocept is fine. The label is just for your reference later.
3. Click Create. A 16-character password appears in a popup, displayed in groups of four like abcd efgh ijkl mnop.
4. Copy it now. The popup is the only time Google shows you this value. Spaces in the displayed value are decorative — the actual password is the 16 alphanumeric characters with no spaces.
5. Click Done.

3. Configure the Email Destination in Xenocept

Open the Xenocept Settings UI → Destinations → New Destination → pick Email. Fill in:

Save the destination. Hit Submit on a Xenocept session and you should see the message arrive in the inbox you chose.

Note on port 465. Gmail also supports smtp.gmail.com:465 with implicit SSL/TLS. Either port works; 587 with STARTTLS is the more common modern choice.

Common Issues

• “Username and Password not accepted.” Your account doesn’t have 2FA enabled, or you pasted your regular password instead of the App Password. Double-check both.
• “Less secure app access” message. That setting is retired — App Passwords are the supported path now. If you see that phrase, your guide is out of date.
• Workspace admin blocked App Passwords. Some Workspace orgs disable App Passwords entirely. Ask your admin, or fall through to Path B below.

Path B — OAuth 2.0 via Google Cloud (Advanced)

OAuth 2.0 with Google requires:

1. A Google Cloud project. Create one at console.cloud.google.com.
2. The Gmail API enabled. In your project, open APIs & Services → Library and enable Gmail API.
3. An OAuth consent screen configured. Under APIs & Services → OAuth consent screen, set the user type, app name, support email, and add the https://mail.google.com/ scope (or the more restrictive https://www.googleapis.com/auth/gmail.send).
4. OAuth credentials (Client ID + Client Secret). Under APIs & Services → Credentials, create an OAuth client ID of type Desktop app or Web application depending on how you intend to obtain refresh tokens.
5. An initial refresh token. Run an OAuth flow once to obtain a refresh token tied to your sending account; the SMTP auth then uses that token via XOAUTH2.

In practical terms, OAuth 2.0 is several orders of magnitude more setup than the App Password path, and is only worth it if your environment forbids App Passwords. If you need to go down this road, the Google “Sign in with OAuth via IMAP and SMTP” docs are the authoritative reference.

Final Checks

• The recipient inbox is checked — sessions arrive there, not in the Sent folder of your Gmail account (the From and To can be the same address, though, if you just want to email yourself).
• Heavy attachments stay under Gmail’s 25 MB per-message limit. Xenocept sessions with many comments may approach that — if you regularly exceed it, point the Email destination at a non-Gmail recipient that accepts larger messages.