Add-on Controls for Enterprise Teams

Last updated August 03, 2020

This feature is currently available in Heroku Enterprise.

Add-on controls let team admins control which add-ons can be used with apps in the team. Enabling the add-on controls feature restricts non-admin team members from installing add-ons that are not on the approved add-ons allowlist.

Setting up the add-ons allowlist

To set up the add-ons allowlist:

  1. Navigate to the team Settings page. Add-on Controls contains the approved list of allowlisted add-ons.
  2. In the search box, type the name of the add-on you would like to approve.
  3. Click the add-on to add it to the allowlist.

Add-ons Controls Dashboard

After the add-on allowlisting restrictions are enabled, the approved add-ons on this list are the only ones members can install to apps in the team.

To enforce the add-on controls, click Enable Add-ons Allowlisting Restrictions.

Enabling the controls does not cause any currently provisioned add-ons to stop working, but it prevents add-ons that are not on the allowlist from being installed from now on.

Handling allowlist exceptions and overrides

Allowlist exceptions are add-ons that are currently in use by at least one app in your team, but are not on the add-ons allowlist.

The primary reason for an add-on to appear on this list is that it was installed before the add-on controls were enabled.

A second reason that an add-on may appear as a allowlist exception is that it has been installed by an admin. Admins have the ability to override add-on controls by installing an add-on using the CLI. The ability to override add-on controls allows admins to try out an add-on before placing it on the allowlist, or to grant a “one-off” installation request by personally installing an add-on to the relevant app. In either case, this usage is tracked and the add-on will appear on the allowlist exceptions list.

To learn more about the usage of the add-on, click on the number of installs (displayed to the right side of the add-on name). This reveals information about which apps have the add-on installed and the date of installation.

Installing allowlisted add-ons

Team members can determine which add-ons are available for install by attempting to provision the add-on in Dashboard. Add-ons that are allowlisted can be installed, and ones that are not allowlisted will say so.

One of these five add-ons can not be installed.

Add-on installation restrictions

Add-ons that are not allowlisted for use are marked as restricted and cannot be installed. As an team member, if you see a restricted add-on that you would like to use, talk to your admin about getting it allowlisted.

On a user’s personal apps that are not part of the team, all add-ons will still be installable.

Feedback on add-on controls

As always, we welcome any feedback you have on this feature. Please reach out to us at ecosystem-feedback@heroku.com or contact us via support.

Feedback

Log in to submit feedback.

Heroku logo

Heroku Update
Starting November 28th, 2022, free Heroku Dynos, free Heroku Postgres, and free Heroku Data for Redis® will no longer be available.

If you have apps using any of these resources, you must upgrade to paid plans by this date to ensure your apps continue to run and to retain your data. For students, we will announce a new program by the end of September.

Learn More