This article is written for Google Workspace Administrators.
Why Whitelist Foresight?
To put it simply, some modules of Foresight request access to your Gmail or Drive data or settings without being verified by Google. These modules will not function unless you explicitly add Foresight as a trusted app.
Foresight connects with your Google services via Google APIs and OAuth 2.0 protocol. OAuth 2.0 protocol has a concept called Scope. It's like a key to specific lockers. When Foresight requests Google service scopes, a consent screen is prompted to the user. Not until the user clicks Allow to grant these scopes, Foresight cannot access any data. Here is an example consent screen when Foresight requests Google API scopes.
Sensitive or restricted OAuth scopes (like reading your calendar events or sending emails on behalf of you) are subject to Google's scope verification process, otherwise you will see an unverified app screen below, or a rejection screen by Google.
While we have been through many OAuth scope verification processes by Google, we are unable to handle these restricted scopes due to annual security assessment policy required by Google (see OAuth API Verification FAQ).
- https://www.googleapis.com/auth/gmail.settings.basic. In the Update vacation responder action, Foresight uses this scope to modify users' vacation reply settings in Gmail.
- https://www.googleapis.com/auth/drive.readonly. In the Update user profile photo action, Foresight uses this scope to load profile photo files stored in a designated Google Drive folder.
- (To be continued with product updates...)
Unless you, the Google Workspace administrator, trust Foresight for such underlying scopes, the modules would not guarantee to function.
How to Whitelist Foresight in Admin Console?
You must be a Google Workspace Administrator for this part.
First of all, it's a worth overviewing Google's official documentations, Control which third-party & internal apps access Google Workspace data.
Then follow these steps to add Foresight from your trusted app list
- Log into your Google Admin Console
- Go to Security > API Controls
- In the App access control section, click MANAGE THIRD-PARTY APP ACCESS
- If you see Foresight is in the third-party app list, change Access from Limited to Trusted.
App Access Control"> - Otherwise, add Foresight to the list.
- Click Configure new app > OAuth App Name Or Client ID.
API Controls > App Access Control"> - In the Search an app step
- Enter Foresight client ID. 659443922444-misph67nbs49u8e807vff0qrn3o141sq.apps.googleusercontent.com.
- Click Search
- Select Foresight.
- In the Select OAuth client IDs step, check the OAuth client ID and click Select.
- In the Configure an app step, select the Trusted: Can access all Google services option and click Configure.
- Click Configure new app > OAuth App Name Or Client ID.
- Verify you have successfully trusted Foresight.
- Now ask your user or yourself to double verify if the warning screen has gone by adding an Update Vacation Responder action and request access permissions in Foresight.
Takeaways
Since the restricted scopes mainly associate with accesses to Gmail and Drive data, you probably don't need to whitelist Foresight if your users don't need those modules (triggers and actions). If you encountered any problems, please leave any comments below or contact support.