App Management
- Skip Ahead to
- Overview
- Viewing connected apps
- Global app setting
- Blocking apps
- Unblocking apps
- App Approvals
- Managing Personal Access Tokens
Overview
App management provides Super Admins in Enterprise Organizations the ability to monitor and control the Apps, Personal Access Tokens (PATs) and service accounts that are active in their domain.
Division Admins and non-Super Admins users will not have access to this feature
Super Admins can now self serve the following in the Admin Console:
- See which apps are connected and have access to data in the domain
- Block certain apps from being used by users in the domain
- Place a domain in 'approval mode' where no apps are allowed unless explicitly approved by the Super Admin
- Manage Service Accounts
- Allow or disallow the usage of PATs in the domain.
If you have additional queries around feature blocking or controls, please reach out to your Customer Success team contact or Asana Support.
To learn more about Service Accounts take a look at our Service Accounts article.
Viewing connected apps
- Navigate to the Admin Console
- Navigate to the Apps section from the left nav and you should land on the Manage apps, Connected apps tab This will show a list of all the apps connected by users in the Asana domain along with when the app was last used in this domain (takes 24 hr to update)
Clicking on any of these will bring you to an apps page. This is populated with details about the app. Details include:
- Brief description of the app if available
- Who the developer is and any support or privacy policy links the developer may have supplied
- Recent usage stats
- Permissions granted to the app
Global app setting
A Super Admin should decide how they want to manage apps. There are 2 main modes of control which can be found in the Global app settings page.
Allow all apps (default)
Admins can manage a list of blocked apps, otherwise all apps can be used by default
Require app approval
Admins manage a list of approved apps. Apps cannot be used unless it is on a list of approved apps.
If an Organization is "require app approval" mode, and a guest using an app that is not approved joins the Organization, the app will be blocked from working and the guest will be notified by email.
Blocking apps
This is used to explicitly block apps.
- Navigate to the apps page of a specific app from the Connected Apps page
- Click the Block button
This will prevent all users in the domain (members + guests) from being able to connect to and use these apps. Existing users may see errors and the app may cease to function. For users in multiple domains, the block will prevent them from using the app in any of their domains
Unblocking apps
Navigate to the apps page of a specific app from the Connected Apps page Click the Unblock button. If your org is in “require app approval” mode (see below), you will unblock by approving the app instead.
Once blocked existing users may be required to re setup/reauthenticate depending on how the app behaves
App Approvals
If the organization is in the “require app approval” mode, users will be prevented from connecting any apps that are not on the approved list which Super Admins can manage. Users will instead see a message with an option to request admin approval.
If the user clicks “Send request”, an email will be sent to the desired email addresses as configured on the “Global app settings” page. By default this is all super admins but can be configured.
The admin will receive an email similar to the above example.
Clicking “manage app in Asana” will take the Super Admin to the app details page to be able to approve the app.
The requesting user will also receive an email letting them know that their admin has been notified. The user’s email address is also included in the app request email. We recommend having a process in place to monitor requests that come in and/or notifying users on what the next steps may be depending on how your company handles this.
Managing Personal Access Tokens
Personal access tokens can be used by users in the organization to create their own scripts and automations. Personal access tokens have access to whatever the creator has access to. A list of active personal access tokens belonging to users in the domain can be viewed on the “Personal access tokens” page
Personal access tokens can be enabled or disabled for the domain from the “Global app settings page”
Disabling personal access tokens will cause all existing personal access tokens belonging to users in their organization to be revoked and blocked. This may cause disruption to users so Super Admins should let users in their organization know before this is done.
