App Management

Overview

App management provides Super Admins in Enterprise Organizations the ability to monitor and control the Apps, Personal Access Tokens (PATs) and service accounts that are active in their domain.

Division Admins and non-Super Admins users will not have access to this feature

Super Admins can now self serve the following in the Admin Console:

  1. See which apps are connected and have access to data in the domain
  2. Block certain apps from being used by users in the domain
  3. Place a domain in 'approval mode' where no apps are allowed unless explicitly approved by the Super Admin
  4. Manage Service Accounts
  5. Allow or disallow the usage of PATs in the domain.
    If you have additional queries around feature blocking or controls, please reach out to your Customer Success team contact or Asana Support.

To learn more about Service Accounts take a look at our Service Accounts article.

Viewing connected apps

console
 

  1. Navigate to the Admin Console
  2. Navigate to the Apps section from the left nav and you should land on the Manage apps, Connected apps tab This will show a list of all the apps connected by users in the Asana domain along with when the app was last used in this domain (takes 24 hr to update)

appdetails

Clicking on any of these will bring you to an apps page. This is populated with details about the app. Details include:

  1. Brief description of the app if available
  2. Who the developer is and any support or privacy policy links the developer may have supplied
  3. Recent usage stats
  4. Permissions granted to the app

Global app setting

global

A Super Admin should decide how they want to manage apps. There are 2 main modes of control which can be found in the Global app settings page.

Allow all apps (default)

Admins can manage a list of blocked apps, otherwise all apps can be used by default

Require app approval

Admins manage a list of approved apps. Apps cannot be used unless it is on a list of approved apps.

If an Organization is "require app approval" mode, and a guest using an app that is not approved joins the Organization, the app will be blocked from working and the guest will be notified by email.

Blocking apps

block

This is used to explicitly block apps.

  1. Navigate to the apps page of a specific app from the Connected Apps page
  2. Click the Block button

This will prevent all users in the domain (members + guests) from being able to connect to and use these apps. Existing users may see errors and the app may cease to function. For users in multiple domains, the block will prevent them from using the app in any of their domains

Unblocking apps

Navigate to the apps page of a specific app from the Connected Apps page Click the Unblock button. If your org is in “require app approval” mode (see below), you will unblock by approving the app instead.

Once blocked existing users may be required to re setup/reauthenticate depending on how the app behaves

App Approvals

approval message

If the organization is in the “require app approval” mode, users will be prevented from connecting any apps that are not on the approved list which Super Admins can manage. Users will instead see a message with an option to request admin approval.

email

If the user clicks “Send request”, an email will be sent to the desired email addresses as configured on the “Global app settings” page. By default this is all super admins but can be configured.

The admin will receive an email similar to the above example.

approve

Clicking “manage app in Asana” will take the Super Admin to the app details page to be able to approve the app.

The requesting user will also receive an email letting them know that their admin has been notified. The user’s email address is also included in the app request email. We recommend having a process in place to monitor requests that come in and/or notifying users on what the next steps may be depending on how your company handles this.

Managing Personal Access Tokens

pats

Personal access tokens can be used by users in the organization to create their own scripts and automations. Personal access tokens have access to whatever the creator has access to. A list of active personal access tokens belonging to users in the domain can be viewed on the “Personal access tokens” page

enable

Personal access tokens can be enabled or disabled for the domain from the “Global app settings page”

Disabling personal access tokens will cause all existing personal access tokens belonging to users in their organization to be revoked and blocked. This may cause disruption to users so Super Admins should let users in their organization know before this is done.

Sorry, we don't support this browser

Asana doesn't work with the internet browser you are currently using. Please sign up using one of these supported browsers instead.

Choose your language

Selecting a language changes the language and/or content on asana.com