Apps and integrations can bring tremendous value to teams using Jira, Confluence, Bitbucket, and more. We know that for many of you, maintaining control over which apps are installed on your Atlassian instances is of utmost importance. That’s why installation for the vast majority of cloud apps is limited to admins (although end-users are able to send app requests to their admins).
Currently end-users can install and run OAuth 2.0 (3LO) apps without any admin involvement, which poses a concern for companies who want to maintain control over which apps are installed in their Atlassian environment.
To address this concern, this week we are releasing a new control toggle in the Admin Hub that allows site admins to turn off (or back on) end-user installation capabilities for OAuth 2.0 (3LO) apps.
If you are an org admin or a site admin and want to control end-user installs for OAuth 2.0 (3LO) apps, just go to the “Connected apps” tab in the Admin Hub and find the new “Security controls” section. There you should find a new “user-installed apps” control at the bottom of the page. Click “Block user apps” to block end users from installing OAuth 2.0 (3LO) apps.
If end-users have already installed OAuth 2.0 (3LO) apps that you would like to remove, you can do so by selecting “Manage” next to the app you’d like to remove on the same screen. End-user installed apps can be identified by the word “Users” in the “installed by” column.
As long as end-user app installs are disabled on a given site, when an end-user tries to install an OAuth 2.0 (3LO) app, they will see an alert on the consent screen letting them know that their admin has disabled end-user installs (see the experience below).
Of course, you’re welcome to turn end-user installs back on for this group of apps by coming back and updating the security control.
This change is the latest step on our journey to give you control and security on our cloud Marketplace. To learn more, check out the recording of our recent webinar on cloud app availability and security, or visit the Marketplace page on our Cloud Trust Center.
Maggie Norby Adams
Product Marketing Manager, Ecosystem
2 accepted answers
1 comment