Search The ForumSearch   RegisterRegister  LoginLogin

MailBee.NET Objects

 AfterLogic Forum : MailBee.NET Objects
Subject Topic: CASA Tier 2 security assessment... Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
juris
Groupie
Groupie


Joined: 27 June 2011
Location: Italy
Online Status: Offline
Posts: 72
Posted: 12 June 2024 at 11:58pm | IP Logged Quote juris

https://mail.google.com/ scope now require CASA Tier 2 security assessment. How can we get around this obstacle?

My users must have the ability to read, write, send and permanently delete all emails from Gmail. What alternative scope can I use?


Regards, Lello


Quote:

========================
Hello Google Developer,

Thank you for your patience while we reviewed your submission for project xxxxxxxxxxxx. We need you to address the following items for us to continue your appís verification:

You are required to complete a CASA Tier 2 security assessment for your application (project number: xxxxxxxxxxx) by the following date: 2024-09-10. This assessment is required annually; to learn more, please visit the CASA website.

CASA assessment is done on a "first-come-first-serve" basis. This can take up to 6 weeks depending on how engaged and responsive you are in the whole process. Hence we strongly suggest you get started with the assessment as soon as possible. To know how, please read the instructions below.

You have the following options to complete your assessment:

1 - Tier 2 Authorized Lab Scan
For your Tier 2 CASA assessment you may contact our CASA authorized preferred partner TAC Security, with whom we have negotiated a discounted rate for Tier 2 CASA assessments. Alternatively, you may also contact any other CASA authorized lab to conduct your Tier 2 CASA Assessment.

2 - Tier 3 CASA Assessment
You can also opt-in to complete a Tier 3 assessment, by contacting CASA authorized TAC Security, or any other CASA authorized lab.

CASA Tier 3 is a comprehensive assessment that tests the application, the application deployment infrastructure and any user data storage location.

Tier 3 assessments have the following benefits:

Conducted and validated by the authorized labs giving your application high assurance of compliance with CASA standard
If your application is listed on the Google WorkSpace Marketplace you will receive an independent security verification badge


For any questions on the Tier 2 or Tier 3 Authorized Lab Scan/Assessment, or if you need a due date extension, please reach out to your CASA authorized lab.

Useful resources
Refer to the following documentation for more information:

CASA Website
CASA Tiering
Other Tiers Process
Important! Once you have addressed the issues above, reply directly to this email to confirm. You must reply to this email after fixing the highlighted issues to continue with the app verification process.


Need to make changes to your verification request?

Please make direct changes on the Cloud Console. Save and submit the changes when finished.

No longer need access to these scopes?

Please reply to this email to cancel the verification request.

Need other help?

For more information on OAuth Verification, you can read the terms or policies for the APIs or products your app uses, as well as the following resources:

Link to OAuth Verification FAQ


Thank you,

The Third Party Data Safety Team

Back to Top View juris's Profile Search for other posts by juris
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6071
Posted: 13 June 2024 at 1:12am | IP Logged Quote Igor

If you're looking for an alternative to OAuth2, I can only think of the use of app passwords - however, such an option requires the use of 2-Step Verification. Frankly, never tried such a combination myself, but still it's worth a shot.

--
Regards,
Igor, Afterlogic
Back to Top View Igor's Profile Search for other posts by Igor
 
juris
Groupie
Groupie


Joined: 27 June 2011
Location: Italy
Online Status: Offline
Posts: 72
Posted: 13 June 2024 at 2:23am | IP Logged Quote juris

Hi Igor,

Can you provide a C# code example for me and other MailBeee users? Google has opened a review for all projects. I think an example can be useful for everyone.


Regards Lello
Back to Top View juris's Profile Search for other posts by juris
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6071
Posted: 13 June 2024 at 2:28am | IP Logged Quote Igor

With app password enabled, it would be the exact same way you'd authenticate with username and password on any other IMAP server, except a special password is used instead of the email account's password, for example Imap.Login Method. With 2-step verification enabled, however, I'm not sure that's going to work non-interactively.

--
Regards,
Igor, Afterlogic
Back to Top View Igor's Profile Search for other posts by Igor
 
juris
Groupie
Groupie


Joined: 27 June 2011
Location: Italy
Online Status: Offline
Posts: 72
Posted: 13 June 2024 at 10:41pm | IP Logged Quote juris

16-digit passcode only appears with mobile apps. 16-digit passcode does not appear with desktop applications (windows browsers). Do you have any other idea?

Quote:

If youíve set up 2-Step Verification but canít find the option to add an app password, it might be because:

Your Google Account has 2-Step Verification set up only for security keys.
Youíre logged into a work, school, or another organization account.
Your Google Account has Advanced Protection.
Back to Top View juris's Profile Search for other posts by juris
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6071
Posted: 13 June 2024 at 11:54pm | IP Logged Quote Igor

I see, seems OAuth2 remains the only option then. Unfortunately, I don't think there's a way around using "https://mail.google.com/" scope as long as you require IMAP and SMTP access to Gmail account. Perhaps, going along with the security assessment is still worth it, this discussion thread may offer some valuable pointers. Thank you.

--
Regards,
Igor, Afterlogic
Back to Top View Igor's Profile Search for other posts by Igor
 
juris
Groupie
Groupie


Joined: 27 June 2011
Location: Italy
Online Status: Offline
Posts: 72
Posted: 14 June 2024 at 12:50am | IP Logged Quote juris

Is it possible to Login in using a Google backup code (11 digits)?
I tried but it doesn't work.

Quote:


AuthenticationMethods authMethods = checkBoxTrySecureAuth.Checked ? AuthenticationMethods.Auto : AuthenticationMethods.Regular;

await imp.LoginAsync(textBoxImapUser.Text, BACKUP_CODE_11_DIGITS, authMethods);

Back to Top View juris's Profile Search for other posts by juris
 
Igor
AfterLogic Support
AfterLogic Support


Joined: 24 June 2008
Location: United States
Online Status: Offline
Posts: 6071
Posted: 14 June 2024 at 12:54am | IP Logged Quote Igor

Per my understanding, backup codes don't do the authentication, they can only be used if you no longer have access to 2-Step Verification and need to skip that one. So you would still need to authenticate the usual way.

--
Regards,
Igor, Afterlogic
Back to Top View Igor's Profile Search for other posts by Igor
 
juris
Groupie
Groupie


Joined: 27 June 2011
Location: Italy
Online Status: Offline
Posts: 72
Posted: 14 June 2024 at 5:01am | IP Logged Quote juris

This operation must be done from a mobile device otherwise "App Password" will not appear

Igor wrote:
If you're looking for an alternative to OAuth2, I can only think of the use of app passwords - however, such an option requires the use of 2-Step Verification. Frankly, never tried such a combination myself, but still it's worth a shot.

--
Regards,
Igor, Afterlogic
Back to Top View juris's Profile Search for other posts by juris
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide