Google Workplace (the paid version of Google/Gmail) has so many settings that one really needs to study it to set it up well.

Although, I do have a sneaking suspicion that some things may not be spelt out (at least not well) on purpose to foster some vendor lock in.

What not to do: try to get Thunderbird to access a Google Workplace account when you are in a hurry.

1. Thunderbird can’t access Google; Thunderbird indicates that the password is wrong.
2. Despite numerous re-types and checking that the password is inputted correctly, the connection just refuses to work.
3. But I’ve enabled IMAP from the User’s Gmail account!!! I don’t understand!!!
4. Happen to notice a single Security Alert email in the inbox using the Gmail interface.
5. That’s strange – falls inside the time period I’ve been tearing my hair out with Thunderbird – yet only one alert despite numerous attempts.
6. So, a search reveals that Google considers any non-Google, non-OAuth applications (like Thunderbird) as a ‘Less Secure Application’ … interesting classification given all the SSL advances in client-side mail applications.
7. Ah, one can allow ‘Less Secure Application’ in the Google Workplace administration console.
8. Wait, still doesn’t work.
9. Go back to the the Google Workplace administration console. Read the wording again and realise – allowing this at the administration console level only allows each user to have their individual choice.
10. Armed with this glimmer of hope, the User’s Account (not Gmail setting) reveals the option to allow ‘Less Secure Application’.
11. Finally, Thunderbird connects and inbox fills – along with tears of joy.