This article is written for G Suite Administrators.

Why Whitelist Foresight?

In short, some modules of Foresight request access Gmail or Drive data without being verified by Google. These modules will not function unless you trust Foresight. If you or your user insists to use these modules, you need to whitelist Foresight.

Foresight connects with your Google services to accomplish automation in G Suite via Google APIs and OAuth 2.0 protocol. OAuth 2.0 protocol has a concept called Scope. It's like a key to specific lockers. When Foresight requests Google service scopes, a consent screen is prompted to the user. Not until the user clicks Allow to grant these scopes, Foresight cannot access any data. Here is a page of Google API scopes.

Google's scope consent screen for Foresight
Google's scope consent screen for Foresight

Sensitive or restricted OAuth scopes (like reading your calendar events or sending emails on behalf of you) are subject to Google's scope verification process, otherwise you will see an unverified app screen below, or a rejection screen by Google.

Unverified app alert screen
Unverified app alert screen

While we have been through many OAuth scope verification processes by Google, we are unable to handle these restricted scopes due to an unaffordable $15,000 to $75,000 security assessment policy imposed by Google, see this OAuth API Verification FAQ.

  1. https://www.googleapis.com/auth/gmail.settings.basic. In the Update vacation responder action, Foresight uses this scope to modify users' vacation reply settings in Gmail.
  2. (To be continued with product updates...)

Unless you, the G Suite administrator, trust Foresight for such underlying scopes, the modules would not guarantee to function.

Do I need to Whitelist Foresight?

As long as you and your users don't use the triggers or actions above that access to restricted Google services (e.g. Update vacation responder action), you are excluded.

How to Whitelist Foresight in Admin Console?

First of all, it's a worth overviewing Google's official documentations, Authorize unverified third-party apps and Control which third-party & internal apps access G Suite data.

Then follow these steps to add Foresight from your trusted app list

  1. In your Admin Console
  2. Go to Security > App access control.
  3. In the App access control page, click MANAGE THIRD-PARTY APP ACCESS.
    Manage third-party app access in App access control of Admin Console
  4. If you see Foresight is in the third-party app list, change Access from Limited to Trusted.
    Connected app trusted list in Admin Console
    Change third party app access in Admin console
  5. Otherwise, add Foresight to the list.
    1. Click Add app > OAuth App Name Or Client ID.
      Add Foresight to the trusted app list in Admin Console
    2. Enter Foresight client ID. 659443922444-misph67nbs49u8e807vff0qrn3o141sq.apps.googleusercontent.com.
    1. Click Search and select Foresight.
    2. Click ADD.
      Add Foresight to trusted app list of Admin Console
  6. Verify you have successfully trusted Foresight.
    Trusted Foresight in App Access Control
  7. Double verify if the warning screen has gone by adding an Update Vacation Responder action and request access permissions.

Takeaways

Since the high restricted scopes mainly associate with accesses to Gmail and Drive data, you probably don't need to whitelist Foresight if your users don't need those modules (triggers and actions). It's simple to whitelist Foresight too. If you encountered any problems, please leave any comments below or contact support.