With the way Google does things, there are 2 levels of IMAP enabling/disabling:
1) At the Domain Administration level
- This level is anything that is configured in your Google Admin Console (admin.google.com)
- IMAP settings set here decide whether IMAP is On or Off, period. Off meaning nothing can be accessed over IMAP at all.
- There are 2 ways to do this at this level:
- Turn ON IMAP for entire domain - This means all user accounts will have their Gmail records accessible over IMAP.
- Turn ON IMAP only for specific OUs - With this setting, you pick which OUs you want IMAP exposed on. Only the users in the OUs that you explicitly turn on will have their for Gmail records accessible over IMAP.
2) At the individual user setting level
- This level is anything configured for IMAP in a user's personal Gmail settings page. They access this from the Gear drop-down and clicking settings when they are logged in to Gmail.
- IMAP can be enabled or disabled at this level, however IMAP settings here are different than at the domain level. IMAP settings at this level control what is accessible to frontend credential (user/pass) applications only; not like backend credential (OAuth) applications like Backupify/Datto SaaS Protection:
- Examples of frontend credential applications are: iPhone mail, Outlook, Thunderbird, etc. Applications that use a user/password combo to authenticate.
- An example of backend credential applications is Backupify/Datto SaaS Protection, we use OAuth credentials to authenticate.
- IMAP at this level means:
- Enabled: This means that both frontend and backend apps can access the user's Gmail records over IMAP.
- Disabled: This means that frontend apps like iPhone and Outlook will NOT be able to access user's Gmail records over IMAP at all; they are cutoff. However backend apps like Backupify/Datto SaaS Protection can still access the user's Gmail records over IMAP as we are authenticate over OAuth.