Admin Console

The admin console empowers all Asana admins and super admins with the administrative capabilities they need to champion Asana within their organizations.

Access the organization admin console

Access Admin Console

To access the admin console:

  1. Click on your profile photo
  2. In the drop-down menu, select Admin Console

Team admins cannot access the admin console.

Get insights into your organization

insights

From the Insights tab, you can:

  • Understand how your organization is using Asana through high-level metrics
  • See recently added teammates
  • View the most influential members in your organization (active members with the most invites sent, teams created, and projects shared in Asana)
  • With Business, you can view detailed engagement activity over time to spot trends in your organization's usage of Asana

Manage all members in an organization

From the Members tab, you can see how many members and guests you have in your Asana organization as well as how many seats you have available. If you need to add members, grant admin access, or deprovision a member, you can easily do so.

Managing members

From the members tab, you can:

  1. Invite new members to join a team in your organization
  2. Identify the number of members, guests, pending invites and the number of available seats in your organization
  3. Search for someone in your organization
  4. View each person's name, whether they're an admin, member or guest and when they were last active in your organization
  5. Edit profile settings or Remove by hovering over their name, clicking the three dot icon and selecting one of the options

Deactivating a member in your organization

To remove a person from your organization, navigate to the Members tab of your admin console.

Find the name of the person by scrolling down or using the search bar. Once you’ve found the person, click the three dot icon and select Remove.

remove member 1

remove member 2

From the next tab, you can:

  1. Choose the member you want to reassign the tasks to
  2. Click Remove to confirm the deactivation

The deactivated member will then show in your member’s list as Removed.

remove member 3

What happens to a deprovisioned person’s tasks?

After you have deprovisioned someone from your organization, a private project containing their previously assigned tasks will be auto generated. You can assign this to yourself or another member of your organization. This allows you to easily assign pending tasks to the appropriate person to manage.

A simple next step solution to delegating would be to multi-select deprovisioned tasks, where you can take mass actions on tasks and even bulk assign them to yourself or other organization members.

You can read more about this in our FAQ article.

The time of the deactivation will appear in the Last activity column.

Restoring a deactivated member

Restore a deactivated member by finding their name in your member’s tab. Then click the three dot icon and select Restore.

restore 1

From the next window, select Restore.

restore 2

If your reactivation fails, the admin for your organization will receive a task asking them to reach out to our Support team.

Filter by member type

From the Members tab of your admin console, you can filter your member list by member type. To do this click on the drop-down arrow next to the member type filter and choose from All, Admin, Member, Guest, Invited or Removed.

member type filter

Team access

The Team access tab on a member's My Settings... gives admins insight into what specific users have access to and the ability to edit membership status.

From Edit profile settings admins can navigate to a member's My Settings... to access and manage teams.

edit profile settings

To access a member's My Settings...:

  1. Click on the three dot icon across from a selected member to view options
  2. Click on Edit profile settings from the drop-down list

From here navigate to Team Access where you can browse teams, edit team access and add or remove members from teams.

team access

Click on Team Access to:

  1. View the teams a user belongs to
  2. Add a user to any team in the organization
  3. Untick to remove the user from any team
  4. Save changes after any updates

Sort members by name, type and last activity

sort by name/activity

You can also sort your member, guest type and last activity by name (alphabetical order or reverse alphabetical order)so that you can see how recently anybody has last logged into the organization or if there are any outstanding invitations.

Export membership data to CSV

export csv

To export membership data to CSV:

  1. Click on the three dot icon from the Members tab
  2. Click Request CSV of Members

You will then receive an email message with the link to download.

The CSV file downloaded has the following fields:

  • Name
  • Email address
  • Department
  • Date joined organization
  • Invited by
  • Inviter email
  • First login date
  • Login method
  • MFA state
  • Last activity
  • Type
  • Number of teams
  • Teams
  • Number of projects
  • Projects

Manage teams

teams

From the Teams tab, you can:

  1. Create a new team in your organization
  2. View each team's name, number of members, privacy permissions, creation date & creator
  3. Edit a team by hovering over the three dot icon next to the Created by field and clicking the Edit team option that appears

Export team data to CSV

Super admins of a paid organization or a division can export their team list to CSV through the teams tab of their admin console.

export team csv

To export team data to CSV:

  1. Navigate to Teams tab
  2. Click on Export CSV

You will then receive an email message with the link to download.

The CSV file downloaded has the following fields:

  • Team
  • Member count
  • Privacy
  • Created on
  • Description
  • Members (email)
  • Limited access members (email)
  • Pending invite (email)

CSV exports of organizations and divisions allow admins to keep track of which departments are using Asana to monitor seat usage and maintain the central billing within IT. The department or team field can be prepopulated using our SCIM integrations with Azure AD and Okta.

Large organizations can benefit from CSV exports when trying to facilitate departmental chargebacks.

Team privacy settings

Super admins for Enterprise organizations can set a default privacy level for teams in their organization.

When set, this will be the pre-selected option when creating a new team. Team creators can still create teams with other privacy levels as they choose.

To set your default privacy settings navigate to your admin console and click on the Security tab. Then, click on Team privacy settings.

team privacy settings 1

team privacy settings 2

From the next tab, you can select your default setting.

Manage time periods

Asana sets up a default fiscal year for all organizations, and new goals will immediately have time periods attached. These time periods help you to align Asana with your fiscal year, and can be used for company and team goals. The default annual start date is January 1st, but you can use your admin console to change this.

time periods

From your admin console, click into the Settings tab and then Time periods From there select the time period to match your organization's annual operating rhythm and choose when you want this time period change to begin. Time periods are organization-wide and you will need to be an organization-wide admin to update these time periods. Only organization and workspace admins can update time periods through the admin console, all other admins will need to contact support to update time periods.

Individual users can also manually add time periods to existing goals. When admins make changes to their fiscal year, those changes are reflected and applied across all goals where there is no custom due date, or is different from the time period date range.

Manage billing information

The billing owner of a Premium organization, who is also the admin, can access their billing through the admin console.

billing information

From the billing tab, you can:

  1. Change your type of paid plan
  2. View your seat utilization
  3. Update your billing information
  4. Reassign billing ownership of the account
  5. Download your latest invoice

Only the current billing owner of an organization will be able to update the billing information, reassign billing ownership or download the latest invoice.

View and download invoices

Billing owners can view and download all historical invoices.

From Invoices in the Billing tab you can view the latest invoices and invoice history with an option to download all invoices for a particular year.

invoice history

To access:

  • Click on Invoice history
  • View All Invoices
  • Click on the download symbol to download year in bulk or select a particular month

all invoices

Change or edit your plan size and tier

From your admin console you can easily change your paid plan from Premium to Business or vice versa.

From the admin console click on the Billing tab.

toggle between Premium and Business

From the Billing tab click on Change plan.

change plan

Here, you can choose to upgrade to Asana Business or if you’re already on a Business tier, you can choose to switch to Asana Premium.

When you’ve chosen your desired tier, click Confirm and change plan.

choose plan

You must be the billing owner of your paid plan to edit its size or change tier.

Security

From the security tab super admins can manage the following:

  1. Authentication
    • Enable or disable Google SSO for your organization
    • SAML authentication
    • Two-factor authentication
    • Set how long members can stay signed in to Asana
  2. Password settings
    • Set password requirements for organization members
    • Force organization-wide password reset
  3. Admin controls
    • Guest invite settings
    • File attachment options
    • Team privacy settings
    • Read-only link sharing permissions
    • Forms access permissions
    • Reporting permissions
    • Video recording permissions
    • Time tracking permissions
    • Admin access: Determine who the admins are for your organization.
  4. Compliance
    • Data residency
  5. Mobile Apps
    • Mobile data controls are available to Enterprise customers.

Super admins of Enterprise domains can now export audit logs for their organization directly from the admin console via the Security tab by clicking on Audit log export.

Manage organization admins

From your admin console, you can determine your organization’s admins and super admins.

security admin access

organizations admins

Organization admins have edit access to the company’s mission statement.

Password strength

You can choose your password strength by clicking into the Security tab of your admin console and clicking on Password strength.

You can choose between a simple and strong password. Simple passwords must have at least 8 characters and strong passwords must have at least 8 characters and must include characters from at least three of the following types: lowercase, uppercase, numbers, and special characters.

password strength

Changes to the password strength will only affect newly created passwords.

Organization-wide password reset

This feature is available for super admins of Asana Premium, Business and Enterprise organizations.

From the admin console, you can force an organization-wide password reset for users that have access to your organization.

  1. Members or guests who have an Asana password will be logged out. They will then receive an email with a password reset link and be forced to choose a new password before logging in again.
  2. Members or guests who do not have an Asana password will only be logged out.
  3. Members or guests who log in with SAML or Google SSO and don't have an Asana password will only be logged out.

password reset

Users who initially signed up to Asana by setting a password and have since upgraded to login with SAML or Google SSO will receive an email asking them to reset their password. This will have no effect on their SAML/Google SSO password.

Guest invite controls

Super admins of Enterprise organizations or divisions can control who can invite organization guests (those without a company email address) into your Asana organization. Super admins can select one of the three options below to decide who has the ability to invite organization guests:

  • Admins only

  • Admins & organization members

  • Everyone (this includes both organization members & guests)

If you'd like to enable one of these options for your organization, you can do so by accessing the Admin Console and then navigating to the Security tab.

Guest Invite Controls 1

To access the guest invite controls:

  1. Navigate to the Security tab of the Admin Console
  2. Under Admin Controls, click Guest invite settings

Guest Invite Controls 2

From here, you need to:

  1. Select one of the guest invite options
  2. Click Save changes

Once this has been enabled, those who no longer have the ability to invite organization guests will receive an error message when trying to do so in Asana.

If you are not the super admin, you can find your organization's admin(s) by clicking on your profile photo in the top right corner, accessing the Admin Console and viewing the super admin under the Members tab by selcting Admin from the Member type dropdown arrow.

Who's the admin

Mobile Apps

Mobile data controls are available to Enterprise customers.

Add additional security to the Asana mobile apps (iOS and Android) to protect your organization’s data while enabling your team to work and collaborate from anywhere.

mobile apps

As a super admin, you can utilize the following mobile data controls for your organization:

Biometric authentication

By activating biometric authentication, you can allow users to unlock Asana on mobile devices using their fingerprint or facial recognition. You can set the frequency at which users will need to re-authenticate.

Screen capture permissions (Android only)

Choose whether users in your organization can take screenshots of the mobile app.

Attachment permissions

Restrict downloads or the ability to share attachments in Asana on mobile devices.

Widget permissions

Restrict the Asana home widget on mobile devices, so users are unable to view tasks directly from the phone’s home screen.

Copy and paste permissions

Limit copy and paste permissions in the mobile app.

Security contact email

Super admins for paid organizations have the ability to add a security contact e-mail in their admin consoles to receive security updates from Asana. This feature means that Asana knows where to send these important communications.

Super admins for paid divisions can access this feature by contacting our support team support@asana.com.

As a super admin for a paid organization, log into the Asana account with the super admin role for your organization. From there navigate to the admin console, then click Security in the sidebar and then click Security Contact Email.

Enter the email address you would like Asana to send communications to regarding security.

Google SSO

sso

Super admins must first log in with their Google account in order to enable Google SSO. If you logged in with email and password, simply log out and in again using the blue Use Google Account button instead.

sso

When you click Google Apps Authentication in the Security tab, you can:

  1. Set Google Sign-in as either optional or required for all members
  2. Once you've chosen an option, click Save Configuration

Organization guests can always log in with email and password, regardless of whether Google SSO is required for members or not.

SAML

Enterprise organizations can also enable SAML from the security tab of their admin console.

saml

enable

SAML session timeout

Super admins can set SAML session timeout between 1 hour and 30 days in the admin console. Members will be automatically logged out and asked to log in again after the specified timeout set.

saml session timeout

Settings

security

From the settings tab, you can:

  1. Change the name of your organization
  2. View or change your organization’s list of verified domains
  3. Request an export of all the data in your organization as a JSON file

Admin Controls for artificial intelligence features

Asana’s artificial intelligence features use machine learning to sort, filter, or categorize data to offer features that help users in your organization to optimize their workflows.

Optimize with artificial intelligence

These features are further described in the admin console, where they can also be enabled or disabled by super admins. Customers can choose whether artificial intelligence features are enabled for the organization. If artificial intelligence features are not enabled, the organization's data will not be processed to power these features.

artificial intelligence

Super admins can enable or disable artificial intelligence features as follows:

  1. Click your profile picture in Asana and navigate to the Admin console
  2. Click the Settings tab
  3. Under Domain settings select Optimize with artificial intelligence

From this window you will see which features are enabled or disabled for your organization. You can choose to turn them on or off by checking the appropriate box.

Please note, disabling a feature from this window will disable this experience for the entire organization.

Artificial intelligence features are not available for workspaces in Asana.

If you are an admin of an organization that does not have any super admins, you can disable these features, but cannot enable them again. To enable them, you will need to complete the super admin verification process or contact the Support team. A warning banner will be displayed in-product before an admin makes this change.

AI table

To learn more about how Asana processes your information, see Asana’s Privacy Statement.

Profile field editability controls

Asana has SCIM integrations with leading identity provider platforms that enable customers to import user profile information such as title and department into Asana. As this information is imported from identity systems, admins may want to control whether or not users can edit this information in Asana using profile field controls.

Profile field editability controls - admin console

Super admins can choose which profile fields users can edit by going to Admin console > Security > SCIM-related settings > User profile settings

We only recommend restricting users from editing this information in Asana if your organization is syncing user profile fields via SCIM to Asana. Otherwise, users will lack the ability to add this information to their profiles.

Admins can still update locked attributes on behalf of other users by making changes to the users’ profiles from the Members tab in the admin console.

Profile field editability controls - settings

Super admins can toggle profile field editability controls on or off for Job title or Department or team.

Profile field editability controls - locked

When super admins have restricted edits to Job title and Department or team fields, users will see these fields locked for edits when they go to their profile settings.

Domain export

Super admins can request an export of all the data in your organization as a JSON file. You can do this from the settings tab of your admin console. Please note that domain export is an Enterprise feature.

export

Super admins can choose to export only text, or export text and attachments.

attachments

Certain attachment types including video transcriptions, cover photos for forms, and user profile pictures are not currently included in the attachment export. If you require data that you aren't able to export, please contact us.

App management and integrations

App management provides super admins in Enterprise organizations the ability to monitor and control the apps, personal access tokens (PATs) and service accounts that are active in their domain.

Division admins and non-super admins users will not have access to this feature

Super admins can now self serve the following in the admin console:

  1. See which apps are connected and have access to data in the domain
  2. Block certain apps from being used by users in the domain
  3. Place a domain in 'approval mode' where no apps are allowed unless explicitly approved by the super admin
  4. Manage service accounts
  5. Allow or disallow the usage of PATs in the domain.
  6. Allow or disallow rules from being triggered by web requests from external services.

If you have additional queries around feature blocking or controls, please reach out to your Customer Success team contact or Asana Support.

To learn more about service accounts take a look at our service accounts article.

Viewing connected apps

console
 

  1. Navigate to the admin console
  2. Navigate to the Apps section in the left sidebar and you should land on the Manage apps, Connected apps tab. This will show a list of all the apps connected by users in the Asana domain along with when the app was last used in this domain (this takes 24 hours to update)

appdetails

Clicking on any of these will bring you to an app's page. This is populated with details about the app. Details include:

  1. Brief description of the app if available
  2. Who the developer is and any support or privacy policy links the developer may have supplied
  3. Recent usage stats
  4. Permissions granted to the app

Global app settings

global

A super admin should decide how they want to manage apps. There are 3 main modes of control which can be found in the global app settings page.

Allow all apps (default)

Admins can manage a list of blocked apps, otherwise all apps can be used by default

Require app approval

Admins manage a list of approved apps. Apps cannot be used unless it is on a list of approved apps.

External automation permissions

Admins can allow or disallow rules from being triggered by web requests from external services.

If an organization is in "require app approval" mode, and a guest using an app that is not approved joins the organization, the app will be blocked from working and the guest will be notified by email.

Blocking apps

block

This is used to explicitly block apps.

  1. Navigate to the apps page of a specific app from the Connected apps page
  2. Click the Block button

This will prevent all users in the domain (members + guests) from being able to connect to and use these apps. Existing users may see errors and the app may cease to function. For users in multiple domains, the block will prevent them from using the app in any of their domains

Unblocking apps

Navigate to the apps page of a specific app from the connected apps page Click the Unblock button. If your organization is in “require app approval” mode (see below), you will unblock by approving the app instead.

Once blocked existing users may be required to re-setup/reauthenticate depending on how the app behaves

App approvals

approval message

If the organization is in the “require app approval” mode, users will be prevented from connecting any apps that are not on the approved list which super admins can manage. Users will instead see a message with an option to request admin approval.

email

If the user clicks Send request, an email will be sent to the desired email addresses as configured on the global app settings page. By default this is all super admins but can be configured.

The admin will receive an email similar to the above example.

approve

Clicking Manage app in Asana will take the super admin to the app details page to be able to approve the app.

The requesting user will also receive an email letting them know that their admin has been notified. The user’s email address is also included in the app request email. We recommend having a process in place to monitor requests that come in and/or notifying users on what the next steps may be depending on how your company handles this.

Managing personal access tokens

pats

Personal access tokens can be used by users in the organization to create their own scripts and automations. Personal access tokens have access to whatever the creator has access to. A list of active personal access tokens that have access to your organization, the user that created it, and the last time the token was used in your domain can be viewed on the Personal access token page.

Admins can revoke personal access tokens on demand by clicking the Revoke button. Once you revoke a personal access token (PAT) the token will be deleted, and can no longer be used. The developer who created the token will receive an email letting them know their PAT has been removed.

enable

Personal access tokens can be enabled or disabled for the domain from the Global app settings page

Disabling personal access tokens will cause all existing personal access tokens belonging to users in their organization to be revoked and blocked. This may cause disruption to users so super admins should let users in their organization know before this is done.

Resources

resources

From the resources tab, you can:

  • Connect your team with onboarding tutorials and tips to help get started in Asana
  • Find resources to help your team master and discover new ways to use Asana
  • Explore and understand admin features

Disabling file attachments

The ability to disable file attachments is an Enterprise feature available to super admins.

Overview

The disabling file attachments feature allows super admins to ensure that Asana implementations across their organization meet all security and consistency requirements related to blocking any file attachments that are restricted as per their company’s security policies and preferred file integrations.

This feature gives better controls at a domain level to ensure strict upload policies in accordance with their organizational requirements.

IT admins will also have a quick way to enable or disable one or more or all of computer, Dropbox, Google Drive, Box and Onedrive / Sharepoint upload sources as per their company’s IT security policies and have it applied across all Asana product surface areas where attachments can be added.

How to access your file attachment options

Super admins can access their file attachments options settings through the Security tab of their admin console.

When you’ve opened the Security tab, scroll down to Admin controls and then click File attachment options.

File attachment options

The default setting is all attachments are enabled.

File attachment options 2

From the next window, you can select your file attachment preferences.

Unchecking “Allow attachments from Asana's apps, API, and other features”

unchecking attachments

Deselecting this will disable attachment types on

  • Web attachments
  • Mobile
  • API
  • Copy and paste
  • Forms
  • Drag and drop
  • Email forwarding

Disabling attachments from third party apps

To prevent the ability to attach files from third-party apps, you can block them from the Apps tab or select the desired app from the pop-up window. This means that the ability to add attachments from Dropbox, Google Drive, Box, and OneDrive/ SharePoint will no longer be allowed.

Disabling attachments on mobile

There’s no differentiation on the mobile app on attachments between uploads from third party apps and attachments from the device. This is because everything downloads to the device first.

The only way to disable on mobile is by disabling allow attachments from Asana's apps, API, and other features.

disabling file attachments on mobile

Sorry, we don't support this browser

Asana doesn't work with the internet browser you are currently using. Please sign up using one of these supported browsers instead.

Choose your language

Selecting a language changes the language and/or content on asana.com