Skip to Content
Technical Articles
Author's profile photo Sing Loo Boon

CPI – Gmail SMTP Integration

A few days ago, I hit a roadblock when I tried to configure a CPI-Gmail SMTP Integration. After setting up the Gmail credential using my usual Gmail user name and password, and performing a Connectivity Test, I encountered the error message ‘Username and Password not accepted’. I did some research and found that I had to use the App Password approach in order to access the Gmail SMTP from CPI. After completely configured the App Password approach, the Connectivity Test turned out to be successful. I then configured the rest of the Integration Flow starting from SOAP as the sender and ending the event with sending an email to my Yahoo account via my Gmail account.

In this writing, I will briefly share with you the steps taken to configure the CPI-Gmail integration.


Step 1: Setting Up the App Password.

The detailed information on how to setup an App Password can be found at To setup the App Password, login to your Google Account and click the ‘Manage your Google Account’ button. It should be located at the top right corner. At your ‘Google Account’ page, click the ‘Security’ link located on your left. You will see the ‘App Passwords’ link inside the ‘Signing in to Google’ box.


After clicking the ‘App password’ link, you may start creating an App Password. As shown in the figure below, select ‘Other (Custom Name)’ under the ‘Select App’ drop-down and click ‘Generate’.


Enter the name of your choice and in my case, I have entered ‘CPI Mail’, as shown in the below figure. Click ‘Generate’.


You will see your new 16-character App Password in the ‘Generate app password’ page, as shown in the figure below. Copy this password.



Step 2: Setup Credential in CPI.

In your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’, as shown in the figure below. Then, click on the ‘Security Material’ tile.


In the ‘Manage Security Material’ page, select ‘Add’, then ‘User Credentials’, as shown in the figure below.


In the ‘Add User Credentials’ screen, enter a name of your choice. In my case, it was ‘GMAIL_CREDENTIAL’. Enter the Description and select ‘User Credentials’ as Type. Enter your full Gmail account user name at the ‘User:’ textbox.

Lastly, paste the 16-character App Password into the ‘Password:’ and ‘Repeat Password:’ textboxes.

Click ‘Deploy’.



Step 3: Import Google Certificates

This step allows the Gmail SMTP server to authenticate itself against SAP Cloud Platform Integration.

At your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’ and then click the ’Connectivity Tests’ tile, which is located under the ‘Manage Security’ section. In the ‘Test Connectivity’ page, click ‘SMTP’ and enter the details as shown in the figure below. Ensure that the ‘Credential Name’ is the same as what you entered previously in the ‘Manage Security Material’ page. Then, click ‘Send’ and you should see the green successful response. Click the ‘Download’ button to download the certificates into your computer.

Lastly, once in your computer, unzip the certificate file.


Step 4: Install the certificates on CPI

At your SAP Cloud Platform Integration’s Overview page, click ‘Monitor’ and then click the ’Keystore’ tile, which is located under the ‘Manage Security’ section.


In the ‘Manage Keystore’ page, click ‘Add’, then ‘Certificate’, as shown in the figure below.


In the ‘Add Certificate’ page, enter the ‘Alias’ of your choice (in my case, it is ‘Gmail Certs’). Select the certificate from your PC and click ‘Deploy’.


Repeat the addition of the second certificate, as shown in the figure below.


Once done, you will see two additional entries in the ‘Manage Keystore’ listing. In my case, they are ‘gmail certs’ and ‘gmail cert2’, as shown in the figure below.



Step 5: Create and Deploy the Integration Flow

Now, you may design and deploy the iFlow.

Below is my simple iFlow for testing

Below is the configuration in the ‘General’ Tab

And here is the configuration in the ‘Connection’ tab. Please ensure that you enter the same value in the ‘Credential Name:’ textbox, as what you have previously created in ‘Step 2: Setup Credential in CPI.’.



Step 6: Testing the Integration Flow

Finally, you may test the iFlow.

In my case, I used the SOAPUI application to simulate sending a SOAP message to the iFlow.


And here, as shown in the figure below, the email with the SOAP content was successfully sent to my Yahoo account.




In summary, the vital steps to setup a CPI-Gmail SMTP integration involve creating an App Password via the Google account, and setting up credentials in CPI using the App Password. It also involves importing Google certificates and installing the certificates on CPI.


Hope you find this article helpful and if you have any suggestion and comments, please do not hesitate to reply to the Comments section below.

Thank you and have a pleasant time ahead.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Suresh Datti
      Suresh Datti

      Did you have to import the certificate often? we are having to do it whenever our our iFlow fails.. ( even when the certificate is still valid ).. this is seems to occur  more frequently of late

      Author's profile photo Sing Loo Boon
      Sing Loo Boon
      Blog Post Author

      Hi Suresh,

      Sorry for my late reply. So far, after two weeks, there is no need to re-import the certificate at my end.



      SL Boon

      Author's profile photo Pooja Tiwari
      Pooja Tiwari

      Thank you so much for explanation.I was able to configure it successfully.




      Author's profile photo Raquel Fitzpatrick
      Raquel Fitzpatrick

      Great tip! Thanks a lot for sharing!!

      Author's profile photo Zenon Kowalewski
      Zenon Kowalewski

      It works!  Thanks!

      Author's profile photo Balaji Ponnam
      Balaji Ponnam

      Thank you for sharing. Great Blog!

      Author's profile photo Jaith Eranga
      Jaith Eranga

      Thanks a lot Boon. was stuck for a while with SMTP receiver and that worked for me too.

      In alomost every one had used port 587. But for me that didn't work. I was getting certification issue  for this ..(PKIX error. )

      Author's profile photo Rajesh Kumar
      Rajesh Kumar

      Hi Sing Loo Boon,

      I Created One iflow with Mail Receiver Adapter. I fallowed the process what you said but I am getting Error like Could not Connect to Host . Here I am attaching the screenshots . Please check the same and give me the solution. I am waiting for your replay. I am using SAP CPI Cloud foundry Trial version.






      Connectivity Test









      Could Not Connect Host

      Please give the solution for this error.


      Rajesh Kumar.P

      Author's profile photo Partha Pal
      Partha Pal

      Awesome blog! Very helpful! Thanks for sharing.

      Author's profile photo Jose Canet
      Jose Canet

      Good morning.


      Thanks for your helpful blog, it's instructive and easy to understand.


      Thanks for sharing!!!

      Author's profile photo chandra kanth
      chandra kanth

      Thank you so much for your blog.. it's very much helpful for me...:-)






      Author's profile photo Juan Se JS
      Juan Se JS

      Thks Sing, because I had this error.

      Author's profile photo VU QUYNH ANH PHAM

      May I ask which Role/Authorization do you need in order to add a certificate (for Gmail SMPT) to the Manage Keystore in Trial Account?

      I am trying to import the gmail cer files but it keeps throwing the error “You are not authorized to perform this action” even though I have assigned PI_Administrator to myself.


      Thank you!

      Author's profile photo Sing Loo Boon
      Sing Loo Boon
      Blog Post Author

      Hi Vu,

      Could please try check whether these apply to you?

      Group Role AuthGroup.Admin or Single Roles, and NodeManager.deploysecuritycontent.





      Author's profile photo Hishmat Sultani
      Hishmat Sultani

      Thanks Sing Loo Boon

      It was very useful! I tried with App Password but it did not work until I complete the set up with the gmail connectivity test and certificates.

      Author's profile photo Shahrukh Bhat
      Shahrukh Bhat

      Thank you, this was helpful.

      Author's profile photo hari babu
      hari babu

      javax.mail.AuthenticationFailedException: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 3sm955798wmv.6 - gsmtp


      i tried for oneday full but not worked getting same error

      Author's profile photo Rajesh Dash
      Rajesh Dash

      Thanks Sing Loo. I followed your steps and I was able to send email from SAP CPI to my Gmail account. In CPI, I had used a different email address in the 'from' field. However, the email I received had my Gmail in the from email address.

      Author's profile photo Rashmi Mukundan
      Rashmi Mukundan

      Thank you .It is very helpful.