Hosted CanIt works fine with Google Apps. When provision a new domain that will route inbound to Google answer the "route mail to" question by using the primary server which is likely to be something like "aspmx.l.google.com" Once the domain is set up, we can add the remaining ones later under Setup : Domain Routing.
Also, once the domain is set up, be sure to go to Preferences : Quarantine Settings and set S-930 "Enable SRS (Sender Rewriting Scheme)" to "Yes" in the default stream. Otherwise, Google might incorrectly flag a whole bunch of mail as failing SPF.
Please read Google's documentation on inbound gateways and set up Hosted CanIt to be your inbound gateway. The Hosted CanIt IP addresses are found under My Domains; because Google has both IPv4 and IPv6 connectivity, be sure to include both the IPv6 and IPv4 networks as inbound gateways.
Google does expose IMAP to the internet, so it is possible to integrate this within CanIt in order to automate user logins. This must be defined in Setup->User Lookups, by creating a new user lookup and running the IMAP wizard.
While it may be possible to run alternative settings, we currently have several clients successfully integrating using the following settings. We recommend you start from here and only make adjustments if necessary.
IMAP Server: imap.gmail.com Strip domain name from login prior to authentication?: No Force user name to lower-case?: Yes Force stream name to lower-case? Yes Validate server certificate (if using TLS/SSL): No Encryption Settings: Require SSL Number of days to cache successful credentials (0-30): Any value you choose.
The following setting requires special attention:
Strip domain name from home stream after authentication?
This setting depends on your setting for Setup->Domain Mappings. If you use AsIs, answer 'No'. If you use ChopDomain, answer 'Yes'. If you use 'Program', you may be able to determine a Rewrite expression to suit your needs (See the online documentation link in the top-right corner). If you are confused by any of this, please contact RP for help.
Once you have completed the wizard, return to Setup->User Lookups and click the Test link next to the entry you have created. This will ensure that everything is working. If you do not know any valid credentials, you will need to activate it, as below, and then have a user test it for the actual login page.
CanIt needs to be told to actually use this lookup on a per-domain basis. This is done from Setup->Authentication Mappings.