Certify'em and Google Workspace (G Suite)

This article is intended for people who want or plan to use Certify'em in a Google Workspace (formerly G Suite) domain. It covers important setup information, especially for brand new Workspace domains.

What is Google Workspace (formerly G Suite)?

Google Workspace is Google's cloud-based productivity suite, comparable to Microsoft's O365. If you're accustomed to using Gmail, Google Calendar, or Google Drive, think of Workspace as the paid equivalents that offer additional controls and capabilities to business, schools and other organizations. Most importantly, you can create and manage a set of users (i.e. employees, teachers, club members) and manage how they share their data. And that data is under the control of your Workspace domain, rather than a disparate set of Gmail accounts owned by different people.

Do I need Google Workspace to use Certify'em?

No. Certify'em can be used with a simple, free Gmail account. However, users of Gmail are subject to a limit of 100 emails sent/day by Add-ons like Certify'em. This limit is set by Google, and not by Certify'em. This means you'll only be able to send a maximum of 100 certificates per day using a Gmail account. In practice, you'll be limited to less than 100 certificates/day since (1) the quota of 100 emails/day is shared across any and all Add-ons you've installed, and (2) other emails you send with Certify'em (such as emails sent when a user fails an exam) also count toward this limit.

In contrast, Workspace users have an much higher limit of 1,500 emails/day (takes a few months to go into effect for accounts with less than 6 users). This limit, set by Google, is shared across all Add-ons a user has installed.

How do I know if I already have Workspace?

You may already be using Google Workspace if:

  • Your school, business, or organization already routinely uses tools like Gmail, Calendar, and/or Google Drive & Docs to conduct business.

  • You and your fellow colleagues have email addresses that end in the same domain name (i.e. maya@mycoolclub.com and jenny@mycoolclub.com).

If you're still not sure, ask the I.T. Admin or Help Desk at your organization if your user account is a Google Workspace account.

How do I get Google Workspace?

You can sign-up for Google Workspace online at workspace.google.com. Pricing starts at $6 per user per month. As part of this process you will also need to purchase a domain name (i.e. mycoolclub.com), or specify one you already own. A domain name is necessary so that Certify'em can send emails.

There are many online videos and guides for setting up a new account you can follow. Be prepared to spend several hours or more obtaining and setting up your Google Workspace account.

Will Workspace's higher email limits apply right away?

No. According to Google, for new Google Workspace domains with less than 6 users the higher limit of 1,500 emails sent/day can take several billing cycles (i.e. months) to kick in. They also don't apply while your Workspace domain is in its free trial. So plan ahead to purchase and setup your Workspace domain several months before you need it. Or if you need the higher quota much sooner, you'll need to purchase 6 licenses for your first month (you can cancel them later if you chose to setup billing on a monthly basis).

My organization uses Workspace, but why am I unable to install/use Certify'em?

It's possible your organization's Google Workspace admin has blocked access to Add-ons, or certain APIs (like the Google Drive APIs). Inquire with your I.T. admin if they can help enable Certify'em for you.

Does Workspace require any special setup to work with Certify'em?

While Certify'em should work with any Google Workspace domain without additional configuration, it's highly recommended that you read and follow the instructions outlined below to ensure proper behavior (i.e. avoid rejected/bounced emails).

Account in Good Standing

First, if your Workspace account (domain) was only recently created, know that Google will apply more strict checks on emails sent to catch abuse (i.e. spammers). This is especially true for emails sent automatically using tools such as Certify'em. To reduce this period of time somewhat, ensure your account is no longer in its trial period and is fully paid-up by accessing the Billing section of your Google Workspace Admin console. Once in the Billing section, next to Google Workspace, click the "Actions" drop-down menu, and select "Access billing account". Under Your balance, click Pay Early or Make a Payment. Make sure that the payment details are correct, then click Confirm.

Setup SPF Records

Next, setup a common DNS mail record called an "SPF" record to avoid your domain being confused for delivering email spam when sending automated certificate emails. If your domain is thought to be sending spam (vs just large numbers of certificates), it can result in many emails sent by Certify'em getting rejected by recipients.

To see if you already have an SPF record setup for Google Workspace, visit https://mxtoolbox.com/spf.aspx, type in your domain name (i.e. mycoolclub.com) and click "SPF Record Lookup".

    • If you see the message "SPF Record Found", and it looks something like "v=spf1 include:_spf.google.com ~all", then you're all set!

    • If you see the message "No SPF Record Found", or the record listed doesn't look like "v=spf1 include:_spf.google.com ~all", then you'll need to setup an SPF record for Workspace. See below.

To setup an SPF record for Google Workspace, you will need the ability to modify your domain's DNS records. This requires a login/password to the registry from which you purchased your domain name (i.e. GoDaddy, Google Domains, etc). If you're not the one who purchased the domain, you'll need to ask that person to do this for you (i.e. your organization's I.T. admin).

See this documentation from Google to learn more about SPF records and how to configure them for your domain: https://support.google.com/a/answer/33786

Whitelist App

Workspace allows you to optionally whitelist 3rd-party applications you trust. This requires an "OAuth 2 Client ID", which for Certify'em is: 295230426839-v1os3n9ffmt8diinjnb81u7adpd24ud6.apps.googleusercontent.com.

Note that whitelisting is only necessary if your Workspace domain's administrator has chosen to restrict access to Workspace APIs to trusted apps. Else it is not necessary.

Passage of Time

Even once SPF records and Billing are setup correctly, it may take some time (i.e. weeks) before emails stop bouncing. In the interim, you can still share certificates using the "Share via: Google Drive" option in the "Advanced Settings" of Certify'em. This works because the email notifications are sent by Google Drive, and not Certify'em. Note that recipients will need a Google account (i.e. Google Workspace or @gmail.com) to be able to print or download the certificate. Else they will only be able to view the file and will have to take a screenshot of it.

Contact Google Workspace Support

If you've done all the above steps, and you're reviewed other common reasons for emails getting rejected/bounced, try contacting Workspce support for additional help via the "Support" icon in your Workspace Admin Console (admin.google.com).