Whitelist xFanatical Foresight in Google Admin

This article is written for Google Workspace Administrators.

Why Whitelist xFanatical Foresight?

To put it simply, some modules of xFanatical Foresight request access to your Gmail or Drive data or settings without being verified by Google. These modules will not function unless you explicitly add Foresight as a trusted app.

Foresight connects with your Google services via Google APIs and OAuth 2.0 protocol. OAuth 2.0 protocol has a concept called Scope. It's like a key to specific lockers. When Foresight requests Google service scopes, a consent screen is prompted to the user. Not until the user clicks Allow to grant these scopes, Foresight cannot access any data. Here is an example consent screen when Foresight requests Google API scopes.

Sensitive or restricted OAuth scopes (like reading your calendar events or sending emails on behalf of you) are subject to Google's scope verification process, otherwise you will see an unverified app screen, or a rejection screen by Google as follows.

While we have been through many OAuth scope verification processes by Google, we are unable to handle these restricted scopes due to annual security assessment policy required by Google (see OAuth API Verification FAQ).

1. https://www.googleapis.com/auth/gmail.settings.basic. In the Update vacation responder action, Foresight uses this scope to modify users' vacation reply settings in Gmail.
2. https://www.googleapis.com/auth/drive.readonly. In the Update user profile photo action, Foresight uses this scope to load profile photo files stored in a designated Google Drive folder.
3. (To be continued with product updates...)

Unless you, the Google Workspace administrator, trust Foresight for such underlying scopes, the modules would not guarantee to function.

Whitelist xFanatical Foresight in Google Admin?

You must be a Google Workspace Administrator for this part.

First of all, it's a worth overviewing Google's official documentations, Control which third-party & internal apps access Google Workspace data.

Then follow these steps to add Foresight from your trusted app list

1. Log into your Google Admin Console.
2. Go to Security > API Controls.
3. In the App access control section, click Manage third-party app access.
   
4. If you see xFanatical Foresight is in the third-party app list, change Access from Limited to Trusted.
   
   
5. Otherwise, add xFanatical Foresight to the list.
   1. Click Configure new app.
      
   2. In the app search step,
      1. Enter Foresight client ID. 659443922444-misph67nbs49u8e807vff0qrn3o141sq.apps.googleusercontent.com.
         
      2. Click Search.
      3. Select xFanatical Foresight.
   3. In the Scope step, choose the organizational units for which you want to trust xFanatical Foresight.
   4. In the Access to Google data step, select the Trusted option, and click Configure.
      
6. Verify you have successfully trusted xFanatical Foresight. Click the View details.
   
7. Click the Access to Google data, and verify if
   
8. Now ask your user or yourself to double verify if the warning screen has gone by adding an Update vacation responder action and request access permissions in xFanatical Foresight.

Takeaways

Since the restricted scopes mainly associate with accesses to Gmail and Drive data, you probably don't need to whitelist Foresight if your users don't need those modules (triggers and actions). If you encountered any problems, please leave any comments below or contact support.