Controlling who can request apps for your organization is now generally available

[ebndev]

Organizations now have more granular control over who can request GitHub Apps and OAuth apps. This enhancement helps you implement stricter governance policies while maintaining flexibility for your security posture. This capability is now generally available.

What's changed

Previously, organizations could only disable app access requests from outside collaborators. Now, you can choose from three graduated control options:

• Members and outside collaborators: Members and outside collaborators can request apps. This is the existing default behavior.
• Members only: Block outside collaborators from requesting apps while permitting organization members to do so.
• Disable app access requests: Prevent both members and outside collaborators from requesting any apps.

To configure this change, navigate to your organization's settings, select Member Privileges, and choose your preferred option under "App access requests". This graduated control mechanism ensures all third-party apps go through proper approval channels and security reviews before being considered for installation.

To learn more, see "Limiting app requests". This will be included in GHES 3.21.

How to give feedback

If you have any questions or feedback, drop a comment in our Community discussion.

[stevehipwell]

Is there going to be REST API support for this feature?

[manumns]

This improvement is good, thanks. I wonder if this could be a little more fine-grained and restrict which groups/roles/users have permission to request apps. In large orgs, things can become noisy when everyone has permission to request. Thank you.

[mynameistechno]

Yes I came here to request the same. I'd like to limit requests with eg. a team or team+role.

One simple enhancement would be to add a "restrict requests to users with the App Manager role"

[MERT-CKR]

Nice feature

[thapakorn140939-a11y]

[thapakorn140939-a11y]