Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Introducing a new control for end-user OAuth 2.0 (3LO) app installs

Apps and integrations can bring tremendous value to teams using Jira, Confluence, Bitbucket, and more. We know that for many of you, maintaining control over which apps are installed on your Atlassian instances is of utmost importance. That’s why installation for the vast majority of cloud apps is limited to admins (although end-users are able to send app requests to their admins).

Currently end-users can install and run OAuth 2.0 (3LO) apps without any admin involvement, which poses a concern for companies who want to maintain control over which apps are installed in their Atlassian environment.

To address this concern, this week we are releasing a new control toggle in the Admin Hub that allows site admins to turn off (or back on) end-user installation capabilities for OAuth 2.0 (3LO) apps. 



If you are an org admin or a site admin and want to control end-user installs for OAuth 2.0 (3LO) apps, just go to the “Connected apps” tab in the Admin Hub and find the new “Security controls” section. There you should find a new “user-installed apps” control at the bottom of the page. Click “Block user apps” to block end users from installing OAuth 2.0 (3LO) apps.

If end-users have already installed OAuth 2.0 (3LO) apps that you would like to remove, you can do so by selecting “Manage” next to the app you’d like to remove on the same screen. End-user installed apps can be identified by the word “Users” in the “installed by” column.

As long as end-user app installs are disabled on a given site, when an end-user tries to install an OAuth 2.0 (3LO) app, they will see an alert on the consent screen letting them know that their admin has disabled end-user installs (see the experience below).


3LO Controls gif.gif

Of course, you’re welcome to turn end-user installs back on for this group of apps by coming back and updating the security control.

This change is the latest step on our journey to give you control and security on our cloud Marketplace. To learn more, check out the recording of our recent webinar on cloud app availability and security, or visit the Marketplace page on our Cloud Trust Center.


Explore the Marketplace -> 

1 comment


Log in or Sign up to comment

It would be nice if we could do the same for atlassian products such as trello or private instances of JIRA

AUG Leaders

Atlassian Community Events