Add-on Controls for Enterprise Teams
Last updated 29 March 2018
Table of Contents
This feature is currently available in Heroku Enterprise.
Add-on controls let organization admins control which add-ons can be used with apps in the organization. Enabling the add-on controls feature restricts non-admin organization members from installing add-ons that are not on the approved add-ons whitelist.
Setting up the add-ons whitelist
To set up the add-ons whitelist:
- Navigate to the organization’s Settings page. “Add-on Controls,” contains the approved list of whitelisted add-ons.
- In the search box, type the name of the add-on you would like to approve.
- Click the add-on to add it to the whitelist.
After the add-on whitelisting restrictions are enabled, the approved add-ons on this list are the only ones members can install to apps in the organization.
To enforce the add-on controls, click the button that says “Enable Add-ons Whitelisting Restrictions.”
Enabling the controls does not cause any currently provisioned add-ons to stop working, but it prevents add-ons that are not on the whitelist from being installed from now on.
Handling whitelist exceptions and overrides
Whitelist exceptions are add-ons that are currently in use by at least one app in your organization, but are not on the add-ons whitelist.
The primary reason for an add-on to appear on this list is that it was installed before the add-on controls were enabled.
A second reason that an add-on may appear as a whitelist exception is that it has been installed by an admin. Admins have the ability to override add-on controls by installing an add-on using the CLI. The ability to override add-on controls allows admins to try out an add-on before placing it on the whitelist, or to grant a “one-off” installation request by personally installing an add-on to the relevant app. In either case, this usage is tracked and the add-on will appear on the whitelist exceptions list.
To learn more about the usage of the add-on, click on the number of installs (displayed to the right side of the add-on name). This reveals information about which apps have the add-on installed and the date of installation.
Installing whitelisted add-ons
Team members can determine which add-ons are available for install by attempting to provision the add-on in Dashboard. Add-ons that are whitelisted can be installed, and ones that are not whitelisted will say so.
Add-on installation restrictions
Add-ons that are not whitelisted for use are marked as restricted and cannot be installed. As an organization member, if you see a restricted add-on that you would like to use, talk to your admin about getting it whitelisted.
On a user’s personal apps that are not part of the organization, all add-ons will still be installable.
Feedback on add-on controls
As always, we welcome any feedback you have on this feature. Please reach out to us at ecosystem-feedback@heroku.com or contact us via support.