Add-on Controls for Enterprise Teams

Last updated 11 November 2019

This feature is currently available in Heroku Enterprise.

Add-on controls let team admins control which add-ons can be used with apps in the team. Enabling the add-on controls feature restricts non-admin team members from installing add-ons that are not on the approved add-ons whitelist.

Setting up the add-ons whitelist

To set up the add-ons whitelist:

  1. Navigate to the team Settings page. Add-on Controls contains the approved list of whitelisted add-ons.
  2. In the search box, type the name of the add-on you would like to approve.
  3. Click the add-on to add it to the whitelist.

Addons-Controls-Dashboard

After the add-on whitelisting restrictions are enabled, the approved add-ons on this list are the only ones members can install to apps in the team.

To enforce the add-on controls, click Enable Add-ons Whitelisting Restrictions.

Enabling the controls does not cause any currently provisioned add-ons to stop working, but it prevents add-ons that are not on the whitelist from being installed from now on.

Handling whitelist exceptions and overrides

Whitelist exceptions are add-ons that are currently in use by at least one app in your team, but are not on the add-ons whitelist.

Addons-Controls-Exceptions

The primary reason for an add-on to appear on this list is that it was installed before the add-on controls were enabled.

A second reason that an add-on may appear as a whitelist exception is that it has been installed by an admin. Admins have the ability to override add-on controls by installing an add-on using the CLI. The ability to override add-on controls allows admins to try out an add-on before placing it on the whitelist, or to grant a “one-off” installation request by personally installing an add-on to the relevant app. In either case, this usage is tracked and the add-on will appear on the whitelist exceptions list.

To learn more about the usage of the add-on, click on the number of installs (displayed to the right side of the add-on name). This reveals information about which apps have the add-on installed and the date of installation.

Installing whitelisted add-ons

Team members can determine which add-ons are available for install by attempting to provision the add-on in Dashboard. Add-ons that are whitelisted can be installed, and ones that are not whitelisted will say so.

One of these five add-ons can not be installed.

Add-on installation restrictions

Add-ons that are not whitelisted for use are marked as restricted and cannot be installed. As an team member, if you see a restricted add-on that you would like to use, talk to your admin about getting it whitelisted.

On a user’s personal apps that are not part of the team, all add-ons will still be installable.

Feedback on add-on controls

As always, we welcome any feedback you have on this feature. Please reach out to us at ecosystem-feedback@heroku.com or contact us via support.

Feedback

Log in to submit feedback.