This article is written for G Suite Administrators.

Why Whitelist Foresight?

To put it simply, some modules of Foresight request access to your Gmail or Drive data or settings without being verified by Google. These modules will not function unless you explicitly add Foresight as a trusted app.

Foresight connects with your Google services via Google APIs and OAuth 2.0 protocol. OAuth 2.0 protocol has a concept called Scope. It's like a key to specific lockers. When Foresight requests Google service scopes, a consent screen is prompted to the user. Not until the user clicks Allow to grant these scopes, Foresight cannot access any data. Here is an example consent screen when Foresight requests Google API scopes.

Google's scope consent screen for Foresight
Google's scope consent screen for Foresight

Sensitive or restricted OAuth scopes (like reading your calendar events or sending emails on behalf of you) are subject to Google's scope verification process, otherwise you will see an unverified app screen below, or a rejection screen by Google.

Unverified app alert screen
Unverified app alert screen
Google rejects granting Foresight access to your restricted Google services
Google rejects granting Foresight access to your restricted Google services

While we have been through many OAuth scope verification processes by Google, we are unable to handle these restricted scopes due to an unaffordable $15,000 to $75,000 security assessment policy imposed by Google (see OAuth API Verification FAQ).

  1. In the Update vacation responder action, Foresight uses this scope to modify users' vacation reply settings in Gmail.
  2. (To be continued with product updates...)

Unless you, the G Suite administrator, trust Foresight for such underlying scopes, the modules would not guarantee to function.

How to Whitelist Foresight in Admin Console?

You must be a G Suite Administrator for this part.

First of all, it's a worth overviewing Google's official documentations, Authorize unverified third-party apps and Control which third-party & internal apps access G Suite data.

Then follow these steps to add Foresight from your trusted app list

  1. In your Admin Console
  2. Go to Security > App access control.
  3. In the App access control page, click MANAGE THIRD-PARTY APP ACCESS.
    Manage third-party app access in App access control of Admin Console
  4. If you see Foresight is in the third-party app list, change Access from Limited to Trusted.
    Connected app trusted list in Admin Console
    Change third party app access in Admin console
  5. Otherwise, add Foresight to the list.
    1. Click Add app > OAuth App Name Or Client ID.
      Add Foresight to the trusted app list in Admin Console
    2. Enter Foresight client ID.
    3. Click Search and select Foresight.
    4. Click ADD.
      Add Foresight to trusted app list of Admin Console
  6. Verify you have successfully trusted Foresight.
    Trusted Foresight in App Access Control
  7. Now ask your user or yourself to double verify if the warning screen has gone by adding an Update Vacation Responder action and request access permissions in Foresight.


Since the restricted scopes mainly associate with accesses to Gmail and Drive data, you probably don't need to whitelist Foresight if your users don't need those modules (triggers and actions). If you encountered any problems, please leave any comments below or contact support.