Google Advanced Protection (GAP)

GAP for personal accounts

GAP does three things:

  1. Requires you to use a U2F 2-factor-auth device (like a YubiKey) instead of getting text messages or using an authenticator app.
  2. Prevents 3rd party clients (like Superhuman or Apple Mail) from accessing Gmail or Google Drive.
  3. Prevents automated password recovery (to protect against the case where someone has access to your backup email address).

It turns out that you can get the security advantages of #1 without the third-party client restriction in #2, by setting up two U2F devices in your Google Account's 2-factor-auth settings and removing your phone as a 2-factor-auth device.


GAP for Google Workspace accounts


By default, Superhuman isn’t compatible with Google Advanced Protection (GAP). However, we've found that it may be possible for Superhuman to coexist with GAP if the account is part of a Google Workspace and the Workspace Admin explicitly allows Superhuman to have access.


It's important to note that this isn't possible for personal Gmail accounts quite yet.


If you have an account that's part of a Google Workspace (i.e. your work email) and your Workspace Admin would be willing to adjust some settings on their end, here are the steps to help get that account set up with Superhuman!


How to adjust your Google Workspace settings:

  1. Go to admin.google.com
  2. Under Security click on API Controls 


  3. Ensure that this box is not checked (the default is not checked): 


  4. Visit Manage Third-Party Access (here's a direct link to that page): 


  5. Click on Add App then from that dropdown click on OAuth App Name Or Client ID 
  6. Type in 649336022844-5drlcmeo8tov7aabf8atnrbnsv3t1447.apps.googleusercontent.com then hit Search and select Superhuman

  7. Check the client ID and click Select


  8. Select Trusted then click Configure 
  9. Follow steps 5-8 again to configure our iOS app. This time use the client ID 649336022844-jlrmhbd93nmaigclvn6etjfnttrlh7v7.apps.googleusercontent.com for step 6.

  10. Follow steps 5-8 again to configure our Android app. This time use the client ID 649336022844-grdoc08d9gq2ka8jaukdrq2p43mhcdg6.apps.googleusercontent.com for step 6.

As a heads up, you may need to use OAuth App Name or Client ID for the iOS app rather than selecting iOS.
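
Step 7 has you check the client ID before trusting the app. The following added example (not Superhuman's or Google's code) applies the same check to a list of configured apps, flagging any entry that carries the Superhuman name without one of the three client IDs listed above. The entry shape (`app_name`, `client_id`) and the sample data are assumptions constructed for illustration.

```python
import re

# Client IDs copied from the steps above (web, iOS, Android).
TRUSTED = {
    "649336022844-5drlcmeo8tov7aabf8atnrbnsv3t1447.apps.googleusercontent.com": "web",
    "649336022844-jlrmhbd93nmaigclvn6etjfnttrlh7v7.apps.googleusercontent.com": "ios",
    "649336022844-grdoc08d9gq2ka8jaukdrq2p43mhcdg6.apps.googleusercontent.com": "android",
}
CLIENT_ID_RE = re.compile(r"^(\d+)-[a-z0-9]+\.apps\.googleusercontent\.com$")
PROJECTS = {cid.split("-", 1)[0] for cid in TRUSTED}


def classify(entry):
    """Return a verdict for one configured-app entry (hypothetical dict shape)."""
    cid = entry.get("client_id", "").strip()  # exact match only, no case folding
    name = entry.get("app_name", "").strip().lower()
    if cid in TRUSTED:
        return "ok:" + TRUSTED[cid]
    match = CLIENT_ID_RE.match(cid)
    if "superhuman" in name:
        # Display names are chosen by the app owner; only the client ID is binding.
        return "name_only_match" if match else "malformed_client_id"
    if match and match.group(1) in PROJECTS:
        return "undocumented_client_same_project"
    return "ignore"


def audit(entries):
    """Return (findings, missing): suspicious entries and documented platforms not configured."""
    findings, seen = [], set()
    for e in entries:
        verdict = classify(e)
        if verdict.startswith("ok:"):
            seen.add(verdict[3:])
        elif verdict != "ignore":
            findings.append((e.get("app_name"), e.get("client_id"), verdict))
    return findings, sorted(set(TRUSTED.values()) - seen)


# Constructed sample entries, not real admin-console output.
SAMPLE = [
    {"app_name": "Superhuman", "client_id": "649336022844-5drlcmeo8tov7aabf8atnrbnsv3t1447.apps.googleusercontent.com"},
    {"app_name": "Superhuman", "client_id": " 649336022844-jlrmhbd93nmaigclvn6etjfnttrlh7v7.apps.googleusercontent.com "},
    {"app_name": "Superhuman Mail", "client_id": "111111111111-examplelookalike000000000000000.apps.googleusercontent.com"},
    {"app_name": "Calendar Sync", "client_id": "222222222222-exampleunrelated00000000000000.apps.googleusercontent.com"},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the constructed sample this reports one `name_only_match` finding and shows that the Android client ID from step 10 has not been configured yet.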
