How to Connect Google Workspace via ColdSend Shared OAuth
ColdSend Shared is the fastest way to connect your Gmail or Google Workspace inbox. You'll authenticate directly through Google using ColdSend's pre-configured and CASA Tier 2 verified OAuth app — no Google Cloud project setup, no credentials to manage.
When to Use ColdSend Shared
Use this option if you:
- Want to connect your inbox in under a minute
- Don't need a custom-branded OAuth consent screen
- Are an individual user or small team
- Don't have specific compliance requirements mandating your own OAuth app
Need full control? If your organization requires its own Google Cloud OAuth app for branding, security reviews, or higher API quotas, see the Private OAuth Setup Guide.
Prerequisites
- A Google Workspace or personal Gmail account
- Your Google account credentials (email and password)
- If your account uses 2-Step Verification, have your authenticator app or phone ready
- Pop-ups are allowed in your browser (the Google consent screen opens in a pop-up window)
Step 1: Navigate to Google Connection
- Log into your ColdSend account.
- In the left sidebar, go to Sender Accounts.
- Click the Create Email Account dropdown and choose Google Workspace.
- You'll land on the Connect Google Account page.
Navigate to Google
Step 2: Select ColdSend Shared
Under Choose connection type, select ColdSend Shared:
- Look for the option labeled "ColdSend Shared" with the "Quick Setup" badge
- Click on it to select it
Select ColdSend Shared
Step 3: Sign In with Google
- Click the Sign in with Google button.
- A pop-up window will open with Google's login page.
- Enter your Google account email and password.
- If prompted, complete 2-Step Verification.
- Review the permissions ColdSend is requesting and click Allow.
Google Sign In
Permissions requested: ColdSend requests access to send email on your behalf (
gmail.send), read your mailbox (gmail.readonly), and view your basic profile. Your password is never stored.
Step 4: Verify Connection
Once you've granted the permissions:
- Google will redirect you back to ColdSend.
- ColdSend will automatically verify your connection.
- On success, you'll see a confirmation toast and your inbox will appear in the Connected Accounts section.
Connected Account
Google Workspace Admin Approval (If Required)
Personal Gmail users: You can skip this section. ColdSend's OAuth app is CASA Tier 2 verified, so personal Gmail accounts can connect directly without any admin action.
If your organization uses Google Workspace and has restrictive third-party app policies, you may see a "This app is blocked" message when trying to connect. This means your Workspace admin needs to approve ColdSend's app first.
What This Means
- ColdSend's OAuth app is CASA Tier 2 verified — it has passed Google's security assessment and is recognized as a trusted application.
- Your Workspace admin simply needs to approve it once in the Google Admin Console.
- After approval, the message will no longer appear for any user in your domain.
Steps for Workspace Admins
- Go to Google Admin Console.
- Navigate to Security → Access and data control → API controls → Manage app access.
Admin Console API Controls
- Click Configure new app.
- Search for the ColdSend app or paste the OAuth Client ID if provided by your ColdSend account manager.
- Select the organizational unit or domain to apply the setting to.
- Choose Trusted and click Continue, then Finish.
Trust ColdSend App
Note: It may take up to 10 minutes for the change to propagate across your Workspace domain. After approval, return to ColdSend and click Sign in with Google again.
What Happens Behind the Scenes
When you connect via ColdSend Shared:
- Authentication: ColdSend uses OAuth 2.0 to authenticate with Google. Your password is never shared with or stored by ColdSend.
- Tokens: ColdSend receives an access token (short-lived) and a refresh token (long-lived). The refresh token is encrypted and stored securely to keep your connection alive.
- Sending: Emails are sent via Google's Gmail API using OAuth-authenticated requests.
- Reply tracking: ColdSend monitors your inbox via the Gmail API to track replies and update campaign statuses.
Troubleshooting
"This app is blocked by your organization"
Your Google Workspace admin has restricted third-party OAuth apps. Follow the admin approval steps above, or use the Private OAuth method with your organization's own Google Cloud app.
"Access blocked: ColdSend's request is invalid"
- Ensure pop-ups are enabled in your browser
- Try clearing your browser cookies for
accounts.google.comand retry - Use an incognito/private window to rule out extension conflicts
"Sign-in was blocked"
- Double-check your email and password
- Ensure your Google account is not locked or suspended
- Try signing in at mail.google.com first to verify your credentials
Connection test failed after authentication
- Ensure the Gmail API is not restricted for your Workspace account (ask your admin)
- Verify your account isn't restricted from third-party app access
- Try disconnecting and reconnecting the inbox
FAQs
Is my password stored by ColdSend?
No. ColdSend uses OAuth 2.0 — authentication happens entirely on Google's servers. ColdSend only stores encrypted access and refresh tokens.
Can I connect multiple Google accounts?
Yes. You can connect as many Google accounts as your ColdSend plan allows. Each account connects independently.
What if my access token expires?
ColdSend automatically refreshes your access token using the stored refresh token. You won't need to re-authenticate unless the refresh token is revoked.
Can I switch to my own OAuth app later?
Yes. You can disconnect the inbox, set up a Private OAuth App, and reconnect. Your campaigns and sending history are unaffected.
Does this work with personal Gmail accounts (not Workspace)?
Yes. ColdSend Shared works with both Google Workspace (work/school) and personal Gmail accounts. Personal Gmail users don't need any admin approval.
What does CASA Tier 2 verified mean?
ColdSend's OAuth app has passed Google's Cloud Application Security Assessment (CASA) at Tier 2. This means Google has independently audited and verified ColdSend's security practices, giving Workspace admins confidence to approve the app quickly.
Should I use OAuth or App Password?
OAuth is the recommended connection method. It's more secure (no password storage), more reliable (automatic token refresh), and supports higher sending limits. App Password is available as a fallback if OAuth isn't an option — see the App Password Guide.
