Organizations can now exercise more precise control over which individuals are permitted to request GitHub Apps and OAuth apps. This update is designed to help organizations enforce stricter governance policies while still allowing for adaptable security configurations. This functionality is currently available in public preview.
Enhanced App Request Controls
Previously, organizations had the sole option to prevent app access requests from outside collaborators. The new system introduces three tiered control options:
- Members and outside collaborators: This option allows both organization members and outside collaborators to request apps, mirroring the previous default behavior.
- Members only: With this setting, outside collaborators are blocked from requesting apps, while organization members retain this ability.
- Disable app access requests: This most restrictive option prevents all individuals, including both members and outside collaborators, from requesting any apps.
To implement these changes, administrators should navigate to their organization’s settings, select Member Privileges, and then choose the desired option under App access requests. This refined control mechanism helps ensure that all third-party applications undergo appropriate approval processes and security evaluations before being considered for installation.
Further details are available in the documentation titled “Limiting app requests”. This feature is slated for inclusion in GHES 3.21.
Providing Feedback
For any questions or to provide feedback, individuals can visit the GitHub Community.
