For those in Google's Advanced Protection Program

If you are a G Suite admin, you can add the Oauth ID (from the policy error page you get when you try to bind the account inside Insync) to your API whitelist in the Admin console. If you add the correct id, it should show up as “Insync” in the whitelist section and, after waiting a few minutes, you should be able to use Insync again.

1 Like

Thanks for the tip @Patrick_Audley!

I’m just going to say, there’s a reason OAuth is very difficult to setup when you’re enrolled in Advanced Protection. In creating an OAuth token you have just self-defeated all other security measures like 2FA or periodic password changes or login alerts by creating a portable bearer token that bypasses all of that and gets full read write access to your drive contents. The only way you might be "safe "doing this is if you do not store anything sensitive (anything that gave you desire for Advanced Protection) in Drive, including docs/sheets. If all of your sensitive content is strictly in GMail, then OAuth scoping should protect you from unauthorized email access if the OAuth token is compromised. Otherwise, I would advise against OAuth in general. I would be slightly less strict on this if a) you use the “alternate login” method and b) inSync encrypted that bearer token while it is on disk, and ideally in memory too except when actually needed.

1 Like