Skip to Content
Technical Articles
Author's profile photo Sing Loo Boon

CPI – Gmail SMTP Integration

A few days ago, I hit a roadblock when I tried to configure a CPI-Gmail SMTP Integration. After setting up the Gmail credential using my usual Gmail user name and password, and performing a Connectivity Test, I encountered the error message ‘Username and Password not accepted’. I did some research and found that I had to use the App Password approach in order to access the Gmail SMTP from CPI. After completely configured the App Password approach, the Connectivity Test turned out to be successful. I then configured the rest of the Integration Flow starting from SOAP as the sender and ending the event with sending an email to my Yahoo account via my Gmail account.

In this writing, I will briefly share with you the steps taken to configure the CPI-Gmail integration.


Step 1: Setting Up the App Password.

The detailed information on how to setup an App Password can be found at To setup the App Password, login to your Google Account and click the ‘Manage your Google Account’ button. It should be located at the top right corner. At your ‘Google Account’ page, click the ‘Security’ link located on your left. You will see the ‘App Passwords’ link inside the ‘Signing in to Google’ box.


After clicking the ‘App password’ link, you may start creating an App Password. As shown in the figure below, select ‘Other (Custom Name)’ under the ‘Select App’ drop-down and click ‘Generate’.


Enter the name of your choice and in my case, I have entered ‘CPI Mail’, as shown in the below figure. Click ‘Generate’.


You will see your new 16-character App Password in the ‘Generate app password’ page, as shown in the figure below. Copy this password.



Step 2: Setup Credential in CPI.

In your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’, as shown in the figure below. Then, click on the ‘Security Material’ tile.


In the ‘Manage Security Material’ page, select ‘Add’, then ‘User Credentials’, as shown in the figure below.


In the ‘Add User Credentials’ screen, enter a name of your choice. In my case, it was ‘GMAIL_CREDENTIAL’. Enter the Description and select ‘User Credentials’ as Type. Enter your full Gmail account user name at the ‘User:’ textbox.

Lastly, paste the 16-character App Password into the ‘Password:’ and ‘Repeat Password:’ textboxes.

Click ‘Deploy’.



Step 3: Import Google Certificates

This step allows the Gmail SMTP server to authenticate itself against SAP Cloud Platform Integration.

At your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’ and then click the ’Connectivity Tests’ tile, which is located under the ‘Manage Security’ section. In the ‘Test Connectivity’ page, click ‘SMTP’ and enter the details as shown in the figure below. Ensure that the ‘Credential Name’ is the same as what you entered previously in the ‘Manage Security Material’ page. Then, click ‘Send’ and you should see the green successful response. Click the ‘Download’ button to download the certificates into your computer.

Lastly, once in your computer, unzip the certificate file.


Step 4: Install the certificates on CPI

At your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’ and then click the ’Keystore’ tile, which is located under the ‘Manage Security’ section.


In the ‘Manage Keystore’ page, click ‘Add’, then ‘Certificate’, as shown in the figure below.


In the ‘Add Certificate’ page, enter the ‘Alias’ of your choice (in my case, it is ‘Gmail Certs’). Select the certificate from your PC and click ‘Deploy’.


Repeat the addition of the second certificate, as shown in the figure below.


Once done, you will see two additional entries in the ‘Manage Keystore’ listing. In my case, they are ‘gmail certs’ and ‘gmail cert2’, as shown in the figure below.



Step 5: Create and Deploy the Integration Flow

Now, you may design and deploy the iFlow.

Below is my simple iFlow for testing

Below is the configuration in the ‘General’ Tab

And here is the configuration in the ‘Connection’ tab. Please ensure that you enter the same value in the ‘Credential Name:’ textbox, as what you have previously created in ‘Step 2: Setup Credential in CPI.’.



Step 6: Testing the Integration Flow

Finally, you may test the iFlow.

In my case, I used the SOAPUI application to simulate sending a SOAP message to the iFlow.


And here, as shown in the figure below, the email with the SOAP content was successfully sent to my Yahoo account.




In summary, the vital steps to setup a CPI-Gmail SMTP integration involve creating an App Password via the Google account, and setting up credentials in CPI using the App Password. It also involves importing Google certificates and installing the certificates on CPI.


Hope you find this article helpful and if you have any suggestion and comments, please do not hesitate to reply to the Comments section below.

Thank you and have a pleasant time ahead.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Suresh Datti
      Suresh Datti

      Did you have to import the certificate often? we are having to do it whenever our our iFlow fails.. ( even when the certificate is still valid ).. this is seems to occur  more frequently of late

      Author's profile photo Sing Loo Boon
      Sing Loo Boon
      Blog Post Author

      Hi Suresh,

      Sorry for my late reply. So far, after two weeks, there is no need to re-import the certificate at my end.



      SL Boon

      Author's profile photo Pooja Tiwari
      Pooja Tiwari

      Thank you so much for explanation.I was able to configure it successfully.




      Author's profile photo Raquel Fitzpatrick
      Raquel Fitzpatrick

      Great tip! Thanks a lot for sharing!!

      Author's profile photo Zenon Kowalewski
      Zenon Kowalewski

      It works!  Thanks!

      Author's profile photo Balaji Ponnam
      Balaji Ponnam

      Thank you for sharing. Great Blog!

      Author's profile photo Jaith Ambepitiya
      Jaith Ambepitiya

      Thanks a lot Boon. was stuck for a while with SMTP receiver and that worked for me too.

      In alomost every one had used port 587. But for me that didn't work. I was getting certification issue  for this ..(PKIX error. )

      Author's profile photo Rajesh Kumar
      Rajesh Kumar

      Hi Sing Loo Boon,

      I Created One iflow with Mail Receiver Adapter. I fallowed the process what you said but I am getting Error like Could not Connect to Host . Here I am attaching the screenshots . Please check the same and give me the solution. I am waiting for your replay. I am using SAP CPI Cloud foundry Trial version.






      Connectivity Test









      Could Not Connect Host

      Please give the solution for this error.


      Rajesh Kumar.P

      Author's profile photo Raihan Siddiqui
      Raihan Siddiqui

      Please try to use port 465 as gmail does not support SMTP/STARTTLS.
      Also in the adapter keep the protection as SMTPS.



      Author's profile photo Partha Pal
      Partha Pal

      Awesome blog! Very helpful! Thanks for sharing.

      Author's profile photo Jose Canet
      Jose Canet

      Good morning.


      Thanks for your helpful blog, it's instructive and easy to understand.


      Thanks for sharing!!!

      Author's profile photo chandra kanth
      chandra kanth

      Thank you so much for your blog.. it's very much helpful for me...:-)






      Author's profile photo Juan Se JS
      Juan Se JS

      Thks Sing, because I had this error.

      Author's profile photo VU QUYNH ANH PHAM

      May I ask which Role/Authorization do you need in order to add a certificate (for Gmail SMPT) to the Manage Keystore in Trial Account?

      I am trying to import the gmail cer files but it keeps throwing the error “You are not authorized to perform this action” even though I have assigned PI_Administrator to myself.


      Thank you!

      Author's profile photo Sing Loo Boon
      Sing Loo Boon
      Blog Post Author

      Hi Vu,

      Could please try check whether these apply to you?

      Group Role AuthGroup.Admin or Single Roles, and NodeManager.deploysecuritycontent.





      Author's profile photo Hishmat Sultani
      Hishmat Sultani

      Thanks Sing Loo Boon

      It was very useful! I tried with App Password but it did not work until I complete the set up with the gmail connectivity test and certificates.

      Author's profile photo Shahrukh Bhat
      Shahrukh Bhat

      Thank you, this was helpful.

      Author's profile photo hari babu
      hari babu

      javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 3sm955798wmv.6 - gsmtp


      i tried for oneday full but not worked getting same error

      Author's profile photo Rajesh Dash
      Rajesh Dash

      Thanks Sing Loo. I followed your steps and I was able to send email from SAP CPI to my Gmail account. In CPI, I had used a different email address in the 'from' field. However, the email I received had my Gmail in the from email address.

      Author's profile photo Rashmi Mukundan
      Rashmi Mukundan

      Thank you .It is very helpful.




      Author's profile photo Federico Bellizia
      Federico Bellizia

      I notice May 30 2022 Google will stop to accept "Less secure application access", I've just created an account for notification and it doesn't accept my credentials.

      I followed all steps to activate app password and I generated it.

      But CPI give everytime this error:

      javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 j16-20020a05600c191000b0038c9249ffdesm2814147wmq.9 - gsmtp


      It's not "wrong password", it said "Not accepted".


      I've tested all combinations between protocols, credentials, and generate 2-3 app passwords.


      Federico Bellizia


      Author's profile photo Manikandan Marimuthu
      Manikandan Marimuthu

      After facing the same problem with couple of my gmail accounts, Finally i could create a new one and still it failed with the same security exception that you got.

      Then i went to Google Account-->Security-->Turned on the "Less secure app access"

      Then the iflow messages completed without errors.

      However i did not receive the email.

      Then i realised that It was a mistake. The old email id value was the culprit in the Mail channel->Processing .After fixing it, i could receive the email from the iflow.

      It appears to me that there is no need to use the app password feature.  May be others can also try and comment.

      Author's profile photo Federico Bellizia
      Federico Bellizia

      Hi Manikandan Marimuthu,

      I double checked the new account settings and I can't find Less Security switch, I remember it and now when you search for it this information are showed:



      so... I turned off 2 step verification:


      But if I click on App passwords:



      But now Less secure come back to main screen:


      So after 30 May 2022 there is another method to use them?


      If you are using this mail service you will have some trouble I suppose.



      Author's profile photo Federico Bellizia
      Federico Bellizia

      I tested after but same error:


      Any other service we can use instead of this?


      Author's profile photo Qi Liu
      Qi Liu

      It works! Thank you for sharing!

      Author's profile photo Federico Bellizia
      Federico Bellizia

      So gmail doesn't work anymore, we are moving on yahoo service meanwhile we try to find a solution.


      Author's profile photo Pedro Ferreira
      Pedro Ferreira

      Great! Thank you for this detailed blog.

      It worked perfectly.

      Author's profile photo David Jira
      David Jira

      This article was very helpful for me!

      It works perfectly!

      Author's profile photo Peng Ward
      Peng Ward

      Good work, it helps a lot. Thanks!

      Author's profile photo Arjan Kock
      Arjan Kock

      For me this didn't work, because Google has switched off app-specific passwords since May 2022, as others have pointed out earlier. 

      I solved this by creating an outlook account, which does allow app-specific passwords, see this  for more information

      Author's profile photo Alok Yadav
      Alok Yadav

      We can now use open connector and use Gmail api to send emails, open connectors doesn't work so use HTTP.