Google Advanced Protection (GAP)
GAP for personal accounts
GAP does three things:
1. Requires you to use a U2F 2-factor-auth device (like a Yubikey) instead of getting text messages or using an authenticator app.
2. Prevents 3rd party clients (like Superhuman or Apple Mail) from accessing Gmail or Google Drive.
3. Prevents automated password recovery (to protect against the case where someone has access to your backup email address).
It turns out that you can get the security advantages of #1 without sacrificing #2, by setting up two U2F devices in your Google Account's 2-factor-auth settings, and removing your phone as a 2-factor-auth device.
GAP for Google Workspace accounts
By default, Superhuman isn’t compatible with Google Advanced Protection (GAP). However, we've found that it may be possible for Superhuman to coexist with GAP if the account is part of a Google Workspace and the Workspace Admin explicitly allows Superhuman to have access.
It's important to note that this isn't possible for personal Gmail accounts quite yet.
If you have an account that's part of a Google Workspace (i.e. your work email) and your Workspace Admin would be willing to adjust some settings on their end, here are the steps to help get that account set up with Superhuman!
How to adjust your Google Workspace settings:
1. Go to admin.google.com
2. Under Security click on API Controls
3. Ensure that this box is not checked (the default is not checked):
4. Visit Manage Third-Party Access (here's a direct link to that page):
5. Click on Add App then from that dropdown click on OAuth App Name Or Client ID
6. Type in 649336022844-5drlcmeo8tov7aabf8atnrbnsv3t1447.apps.googleusercontent.com then hit Search and select Superhuman
7. Check the client ID and click Select:
8. Select Trusted then click Configure
9. Follow steps 5-8 again to configure our iOS app. This time use the client ID 649336022844-jlrmhbd93nmaigclvn6etjfnttrlh7v7.apps.googleusercontent.com for step 6.
10. Follow steps 5-8 again to configure our Android app. This time use the client ID 649336022844-grdoc08d9gq2ka8jaukdrq2p43mhcdg6.apps.googleusercontent.com for step 6.
As a heads up, you may need to use OAuth App Name or Client ID for the iOS app rather than selecting iOS.
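The "Check the client ID" step matters because an OAuth app's display name is set by its developer, so only the client ID identifies the app you are marking Trusted. The Python below is an added example, not Superhuman's or Google's code: it audits a list of per-user OAuth grants against the three client IDs above and flags any app that uses the Superhuman name under a different ID. The grant records and their field names (userKey, clientId, displayText) are a constructed sample in an assumed export shape.

```python
import json

# Client IDs quoted in the steps above (step 6, then the iOS and Android repeats).
TRUSTED_CLIENT_IDS = {
    "649336022844-5drlcmeo8tov7aabf8atnrbnsv3t1447.apps.googleusercontent.com",
    "649336022844-jlrmhbd93nmaigclvn6etjfnttrlh7v7.apps.googleusercontent.com",
    "649336022844-grdoc08d9gq2ka8jaukdrq2p43mhcdg6.apps.googleusercontent.com",
}

# Constructed sample data. The field names (userKey, clientId, displayText)
# are an assumed export shape, not output captured from a real Workspace.
SAMPLE_GRANTS = json.loads("""[
  {"userKey": "alice@example.com", "displayText": "Superhuman",
   "clientId": "649336022844-5drlcmeo8tov7aabf8atnrbnsv3t1447.apps.googleusercontent.com"},
  {"userKey": "bob@example.com", "displayText": "Superhuman Mail",
   "clientId": "000000000000-constructedlookalikeexample.apps.googleusercontent.com"},
  {"userKey": "bob@example.com", "displayText": "Calendar Helper",
   "clientId": "000000000000-constructedotherappexample.apps.googleusercontent.com"},
  {"userKey": "carol@example.com", "displayText": "superhuman",
   "clientId": " 649336022844-jlrmhbd93nmaigclvn6etjfnttrlh7v7.apps.googleusercontent.com "}
]""")


def classify(grant, app_name="superhuman"):
    """Trust is decided by exact client ID; the display name is only a hint."""
    client_id = str(grant.get("clientId", "")).strip()
    shown_as = str(grant.get("displayText", "")).casefold()
    if client_id in TRUSTED_CLIENT_IDS:
        return "trusted-id"
    if app_name in shown_as:
        return "name-match-only"  # claims the name, but is not one of the three IDs
    return "unrelated"


def audit(grants):
    """Return (suspicious grants, trusted IDs that no user has granted yet)."""
    suspicious, seen = [], set()
    for grant in grants:
        verdict = classify(grant)
        if verdict == "trusted-id":
            seen.add(str(grant["clientId"]).strip())
        elif verdict == "name-match-only":
            suspicious.append((grant.get("userKey"), grant.get("clientId")))
    return suspicious, sorted(TRUSTED_CLIENT_IDS - seen)


if __name__ == "__main__":
    flagged, unused = audit(SAMPLE_GRANTS)
    for user, client_id in flagged:
        print(f"REVIEW {user}: app named like Superhuman with client ID {client_id}")
    print("Trusted client IDs with no grants:", unused)
```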