- Skip Ahead to
- Access the admin console
- Manage members
- Deactivating a member in your organization
- Restoring a deactivated member
- Filter by member type
- Export membership data to CSV
- Export team data to CSV
- Manage teams
- Team privacy settings
- Manage time periods
- Manage billing information
- Change or edit your plan size and tier
- Guest invite controls
- Security contact email
- Google SSO
- SAML session timeout
- Profile field editability controls
- Domain export
- Access resources and answer product questions
- Disabling file attachments
The admin console empowers all Asana admins and super admins with the administrative capabilities they need to champion Asana within their organizations.
Access the organization admin console
To access the admin console:
- Click on your profile photo
- In the drop-down menu, select Admin Console
Team admins cannot access the admin console.
Get insights into your organization
From the Insights tab, you can:
- Understand how your organization is using Asana through high-level metrics
- See recently added teammates
- View the most influential members in your organization (active members with the most invites sent, teams created, and projects shared in Asana)
- With Business, you can view detailed engagement activity over time to spot trends in your organization's usage of Asana
Manage all members in an organization
From the Members tab, you can see how many members and guests you have in your Asana organization as well as how many seats you have available. If you need to add members, grant admin access, or deprovision a member, you can easily do so.
From the members tab, you can:
- Invite new members to join a team in your organization
- Identify the number of members, guests, pending invites and the number of available seats in your organization
- Search for someone in your organization
- View each person's name, whether they're an admin, member or guest and when they were last active in your organization
- Edit profile settings or Remove by hovering over their name, clicking the three dot icon and selecting one of the options
Deactivating a member in your organization
To remove a person from your organization, navigate to the Members tab of your admin console.
Find the name of the person by scrolling down or using the search bar. Once you’ve found the person, click the three dot icon and select Remove.
From the next tab, you can:
- Choose the member you want to reassign the tasks to
- Click Remove to confirm the deactivation
The deactivated member will then show in your member’s list as Removed.
What happens to a deprovisioned person’s tasks?
After you have deprovisioned someone from your organization, a private project containing their previously assigned tasks will be auto generated. You can assign this to yourself or another member of your organization. This allows you to easily assign pending tasks to the appropriate person to manage.
A simple next step solution to delegating would be to multi-select deprovisioned tasks, where you can take mass actions on tasks and even bulk assign them to yourself or other organization members.
The time of the deactivation will appear in the Last activity column.
Restoring a deactivated member
Restore a deactivated member by finding their name in your member’s tab. Then click the three dot icon and select Restore.
From the next window, select Restore.
If your reactivation fails, the admin for your organization will receive a task asking them to reach out to our Support team.
Filter by member type
From the Members tab of your admin console, you can filter your member list by member type. To do this click on the drop-down arrow next to the member type filter and choose from All, Admin, Member, Guest, Invited or Removed.
The Team access tab on a member's My Settings... gives admins insight into what specific users have access to and the ability to edit membership status.
From Edit profile settings admins can navigate to a member's My Settings... to access and manage teams.
To access a member's My Settings...:
- Click on the three dot icon across from a selected member to view options
- Click on Edit profile settings from the drop-down list
From here navigate to Team Access where you can browse teams, edit team access and add or remove members from teams.
Click on Team Access to:
- View the teams a user belongs to
- Add a user to any team in the organization
- Untick to remove the user from any team
- Save changes after any updates
Sort members by name, type and last activity
You can also sort your member, guest type and last activity by name (alphabetical order or reverse alphabetical order)so that you can see how recently anybody has last logged into the organization or if there are any outstanding invitations.
Export membership data to CSV
To export membership data to CSV:
- Click on the three dot icon from the Members tab
- Click Request CSV of Members
You will then receive an email message with the link to download.
The CSV file downloaded has the following fields:
- Email address
- Date joined organization
- Invited by
- Inviter email
- First login date
- Login method
- MFA state
- Last activity
- Number of teams
- Number of projects
From the Teams tab, you can:
- Create a new team in your organization
- View each team's name, number of members, privacy permissions, creation date & creator
- Edit a team by hovering over the three dot icon next to the Created by field and clicking the Edit team option that appears
Export team data to CSV
Super admins of a paid organization or a division can export their team list to CSV through the teams tab of their admin console.
To export team data to CSV:
- Navigate to Teams tab
- Click on Export CSV
You will then receive an email message with the link to download.
The CSV file downloaded has the following fields:
- Member count
- Created on
- Members (email)
- Limited access members (email)
- Pending invite (email)
CSV exports of organizations and divisions allow admins to keep track of which departments are using Asana to monitor seat usage and maintain the central billing within IT. The department or team field can be prepopulated using our SCIM integrations with Azure AD and Okta.
Large organizations can benefit from CSV exports when trying to facilitate departmental chargebacks.
Team privacy settings
Super admins for Enterprise organizations can set a default privacy level for teams in their organization.
When set, this will be the pre-selected option when creating a new team. Team creators can still create teams with other privacy levels as they choose.
To set your default privacy settings navigate to your admin console and click on the Security tab. Then, click on Team privacy settings.
From the next tab, you can select your default setting.
Manage time periods
Asana sets up a default fiscal year for all organizations, and new goals will immediately have time periods attached. These time periods help you to align Asana with your fiscal year, and can be used for company and team goals. The default annual start date is January 1st, but you can use your admin console to change this.
From your admin console, click into the Settings tab and then Time periods From there select the time period to match your organization's annual operating rhythm and choose when you want this time period change to begin. Time periods are organization-wide and you will need to be an organization-wide admin to update these time periods. Only organization and workspace admins can update time periods through the admin console, all other admins will need to contact support to update time periods.
Individual users can also manually add time periods to existing goals. When admins make changes to their fiscal year, those changes are reflected and applied across all goals where there is no custom due date, or is different from the time period date range.
Manage billing information
The billing owner of a Premium organization, who is also the admin, can access their billing through the admin console.
From the billing tab, you can:
- Change your type of paid plan
- View your seat utilization
- Update your billing information
- Reassign billing ownership of the account
- Download your latest invoice
Only the current billing owner of an organization will be able to update the billing information, reassign billing ownership or download the latest invoice.
View and download invoices
Billing owners can view and download all historical invoices.
From Invoices in the Billing tab you can view the latest invoices and invoice history with an option to download all invoices for a particular year.
- Click on Invoice history
- View All Invoices
- Click on the download symbol to download year in bulk or select a particular month
Change or edit your plan size and tier
From the admin console click on the Billing tab.
From the Billing tab click on Change plan.
Here, you can choose to upgrade to Asana Business or if you’re already on a Business tier, you can choose to switch to Asana Premium.
When you’ve chosen your desired tier, click Confirm and change plan.
You must be the billing owner of your paid plan to edit its size or change tier.
From the security tab super admins can manage the following:
- Enable or disable Google SSO for your organization
- SAML authentication
- Two-factor authentication
- Set how long members can stay signed in to Asana
- Password settings
- Set password requirements for organization members or force a password reset for all members
- Admin controls
- Guest invite settings
- File attachment options
- Team privacy settings
- Read-only link sharing permissions
- Forms access permissions
- Reporting permissions
- Video recording permissions
- Time tracking permissions
- Admin access: Determine who the admins are for your organization.
- Data residency
- Mobile Apps
- Mobile data controls are available to Enterprise customers.
Manage organization admins
From your admin console, you can determine your organization’s admins and super admins.
Organization admins have edit access to the company’s mission statement.
You can choose your password strength by clicking into the Security tab of your admin console and clicking on Password strength.
You can choose between a simple and strong password. Simple passwords must have at least 8 characters and strong passwords must have at least 8 characters and must include characters from at least three of the following types: lowercase, uppercase, numbers, and special characters.
Changes to the password strength will only affect newly created passwords.
Guest invite controls
Super admins of Enterprise organizations or divisions can control who can invite organization guests (those without a company email address) into your Asana organization. Super admins can select one of the three options below to decide who has the ability to invite organization guests:
Admins & organization members
Everyone (this includes both organization members & guests)
If you'd like to enable one of these options for your organization, you can do so by accessing the Admin Console and then navigating to the Security tab.
To access the guest invite controls:
- Navigate to the Security tab of the Admin Console
- Under Admin Controls, click Guest invite settings
From here, you need to:
- Select one of the guest invite options
- Click Save changes
Once this has been enabled, those who no longer have the ability to invite organization guests will receive an error message when trying to do so in Asana.
If you are not the super admin, you can find your organization's admin(s) by clicking on your profile photo in the top right corner, accessing the Admin Console and viewing the super admin under the Members tab by selcting Admin from the Member type dropdown arrow.
Mobile data controls are available to Enterprise customers.
Add additional security to the Asana mobile apps (iOS and Android) to protect your organization’s data while enabling your team to work and collaborate from anywhere.
As a super admin, you can utilize the following mobile data controls for your organization:
By activating biometric authentication, you can allow users to unlock Asana on mobile devices using their fingerprint or facial recognition. You can set the frequency at which users will need to re-authenticate.
Screen capture permissions (Android only)
Choose whether users in your organization can take screenshots of the mobile app.
Restrict downloads or the ability to share attachments in Asana on mobile devices.
Restrict the Asana home widget on mobile devices, so users are unable to view tasks directly from the phone’s home screen.
Copy and paste permissions
Limit copy and paste permissions in the mobile app.
Security contact email
Super admins for paid organizations have the ability to add a security contact e-mail in their admin consoles to receive security updates from Asana. This feature means that Asana knows where to send these important communications.
Super admins for paid divisions can access this feature by contacting our support team firstname.lastname@example.org.
As a super admin for a paid organization, log into the Asana account with the super admin role for your organization. From there navigate to the admin console, then click Security in the sidebar and then click Security Contact Email.
Enter the email address you would like Asana to send communications to regarding security.
Super admins must first log in with their Google account in order to enable Google SSO. If you logged in with email and password, simply log out and in again using the blue Use Google Account button instead.
When you click Google Apps Authentication in the Security tab, you can:
- Set Google Sign-in as either optional or required for all members
- Once you've chosen an option, click Save Configuration
Organization guests can always log in with email and password, regardless of whether Google SSO is required for members or not.
Enterprise organizations can also enable SAML from the security tab of their admin console.
SAML session timeout
Super admins can set SAML session timeout between 1 hour and 30 days in the admin console. Members will be automatically logged out and asked to log in again after the specified timeout set.
From the settings tab, you can:
- Change the name of your organization
- View or change your organization’s list of verified domains
- Request an export of all the data in your organization as a JSON file
Profile field editability controls
Asana has SCIM integrations with leading identity provider platforms that enable customers to import user profile information such as title and department into Asana. As this information is imported from identity systems, admins may want to control whether or not users can edit this information in Asana using profile field controls.
Super admins can choose which profile fields users can edit by going to Admin console > Security > SCIM-related settings > User profile settings
We only recommend restricting users from editing this information in Asana if your organization is syncing user profile fields via SCIM to Asana. Otherwise, users will lack the ability to add this information to their profiles.
Admins can still update locked attributes on behalf of other users by making changes to the users’ profiles from the Members tab in the admin console.
Super admins can toggle profile field editability controls on or off for Job title or Department or team.
When super admins have restricted edits to Job title and Department or team fields, users will see these fields locked for edits when they go to their profile settings.
Super admins can request an export of all the data in your organization as a JSON file. You can do this from the settings tab of your admin console. Please note that domain export is an Enterprise feature.
Super admins can choose to export only text, or export text and attachments.
Certain attachment types including video transcriptions, cover photos for forms, and user profile pictures are not currently included in the attachment export. If you require data that you aren't able to export, please contact us.
App management and integrations
App management provides super admins in Enterprise organizations the ability to monitor and control the apps, personal access tokens (PATs) and service accounts that are active in their domain.
Division admins and non-super admins users will not have access to this feature
Super admins can now self serve the following in the admin console:
- See which apps are connected and have access to data in the domain
- Block certain apps from being used by users in the domain
- Place a domain in 'approval mode' where no apps are allowed unless explicitly approved by the super admin
- Manage service accounts
- Allow or disallow the usage of PATs in the domain.
If you have additional queries around feature blocking or controls, please reach out to your Customer Success team contact or Asana Support.
To learn more about service accounts take a look at our service accounts article.
Viewing connected apps
- Navigate to the admin console
- Navigate to the Apps section in the left sidebar and you should land on the Manage apps, Connected apps tab. This will show a list of all the apps connected by users in the Asana domain along with when the app was last used in this domain (this takes 24 hours to update)
Clicking on any of these will bring you to an app's page. This is populated with details about the app. Details include:
- Brief description of the app if available
- Recent usage stats
- Permissions granted to the app
Global app setting
A super admin should decide how they want to manage apps. There are 2 main modes of control which can be found in the global app settings page.
Allow all apps (default)
Admins can manage a list of blocked apps, otherwise all apps can be used by default
Require app approval
Admins manage a list of approved apps. Apps cannot be used unless it is on a list of approved apps.
If an organization is in "require app approval" mode, and a guest using an app that is not approved joins the organization, the app will be blocked from working and the guest will be notified by email.
This is used to explicitly block apps.
- Navigate to the apps page of a specific app from the Connected apps page
- Click the Block button
This will prevent all users in the domain (members + guests) from being able to connect to and use these apps. Existing users may see errors and the app may cease to function. For users in multiple domains, the block will prevent them from using the app in any of their domains
Navigate to the apps page of a specific app from the connected apps page Click the Unblock button. If your organization is in “require app approval” mode (see below), you will unblock by approving the app instead.
Once blocked existing users may be required to re-setup/reauthenticate depending on how the app behaves
If the organization is in the “require app approval” mode, users will be prevented from connecting any apps that are not on the approved list which super admins can manage. Users will instead see a message with an option to request admin approval.
If the user clicks Send request, an email will be sent to the desired email addresses as configured on the global app settings page. By default this is all super admins but can be configured.
The admin will receive an email similar to the above example.
Clicking Manage app in Asana will take the super admin to the app details page to be able to approve the app.
The requesting user will also receive an email letting them know that their admin has been notified. The user’s email address is also included in the app request email. We recommend having a process in place to monitor requests that come in and/or notifying users on what the next steps may be depending on how your company handles this.
Managing personal access tokens
Personal access tokens can be used by users in the organization to create their own scripts and automations. Personal access tokens have access to whatever the creator has access to. A list of active personal access tokens belonging to users in the domain can be viewed on the Personal access token page
Personal access tokens can be enabled or disabled for the domain from the Global app settings page
Disabling personal access tokens will cause all existing personal access tokens belonging to users in their organization to be revoked and blocked. This may cause disruption to users so super admins should let users in their organization know before this is done.
From the resources tab, you can:
- Connect your team with onboarding tutorials and tips to help get started in Asana
- Find resources to help your team master and discover new ways to use Asana
- Explore and understand admin features
Disabling file attachments
The ability to disable file attachments is an Enterprise feature available to super admins.
The disabling file attachments feature allows super admins to ensure that Asana implementations across their organization meet all security and consistency requirements related to blocking any file attachments that are restricted as per their company’s security policies and preferred file integrations.
This feature gives better controls at a domain level to ensure strict upload policies in accordance with their organizational requirements.
IT admins will also have a quick way to enable or disable one or more or all of computer, Dropbox, Google Drive, Box and Onedrive / Sharepoint upload sources as per their company’s IT security policies and have it applied across all Asana product surface areas where attachments can be added.
How to access your file attachment options
Super admins can access their file attachments options settings through the Security tab of their admin console.
When you’ve opened the Security tab, scroll down to Admin controls and then click File attachment options.
The default setting is all attachments are enabled.
From the next window, you can select your file attachment preferences.
Unchecking “Allow attachments from Asana's apps, API, and other features”
Deselecting this will disable attachment types on
- Web attachments
- Copy and paste
- Drag and drop
- Email forwarding
Disabling attachments from third party apps
To prevent the ability to attach files from third-party apps, you can block them from the Apps tab or select the desired app from the pop-up window. This means that the ability to add attachments from Dropbox, Google Drive, Box, and OneDrive/ SharePoint will no longer be allowed.
Disabling attachments on mobile
There’s no differentiation on the mobile app on attachments between uploads from third party apps and attachments from the device. This is because everything downloads to the device first.
The only way to disable on mobile is by disabling allow attachments from Asana's apps, API, and other features.