Configure app access settings for your Enterprise account

Updated May 14, 2026 22:56

You can use app access settings to control which apps members of your Enterprise account can use in Zaps and Agents. You can choose to either restrict apps (an open policy) or allow apps (a closed policy). By the end of this tutorial, you'll have configured your app access settings to restrict or allow apps for your account members.

Available on plans:

Free

Professional

Team

Enterprise

Before you begin

You must be an admin, super admin, or owner of your account to enable this feature.
Your account must have one or more verified domains.
Familiarity with app access policies is helpful to understand the difference between restricted and allowed apps.

Select your app access setting

In the left sidebar on the Zapier home page, click Admin Center to be redirected to the Admin Center.
In the left sidebar under the Governance section, select App permissions to be redirected to those settings.
- The default is the Restricted apps page.
- If you previously selected an option, that option will be displayed.
- The other option will be displayed as hyperlinked text so you can click to change.

Restrict apps

When you restrict an app, no one in your account can use that app. Members can still use any app that is not on your restricted list.

Add a restricted app

In the left sidebar on the Zapier home page, click Admin Center.
In the left sidebar under the Governance section, select App permissions.
Click Add app. You'll be redirected to the Add restricted app page.
In the Search for an app field, search for and select the app you want to restrict.
- You'll see a warning notification if any members are currently using the app.
- You can review the app connections and any associated Zaps on the Apps page.
Click Add restricted app.

Remove a restricted app

On the Restricted apps page, select the app. You'll be redirected to the restriction page for the app.
In the top right, click Remove APP restriction. A dialog box will appear.
Click Remove to confirm.

(Optional) Add member or team exceptions

You can create exceptions to your restricted list so specific members or teams are permitted to use the app.

On the Restricted apps page, select the app. You'll be redirected to the restriction page for that app.
In the Allow app for specific members or teams field, search for and select a member or team in your account.

(Optional) Remove member or team exceptions

On the Restricted apps page, select the app. You'll be redirected to the restriction page for that app.
In the Members/teams with access section, click Remove next to the exempted member or team.
The button will convert to "Are you sure?".
Click Are you sure? to confirm.

Example

If you add Quickbooks to your restricted apps list, you can add an exception for your accounting team. This will give your accounting team access to Quickbooks, while the rest of your account will still be restricted from using the app.

Limitations

You can only enable either restricted apps or allowed apps settings. You cannot enable both.
You can switch settings at any time. If you switch to a setting you previously used:
- Your last settings will be pre-populated.
- Any held runs resulting from the previous setting can be replayed as long as the app is now permitted.
Members of your account will still be able to connect their app accounts and use them to set up triggers and actions (including loading or creating test records), but they will not be able to publish and run the Zap. Agents that use a restricted app may also be impacted.
You can only add an exception for one member or team at a time.
By default, these settings are account-wide. Account admins, super admins, and owners will be affected by these limits unless you add exceptions.

Plan limitation

If you downgrade your Enterprise account, you will lose access to this feature.

Allow apps

When you add an allowed app, all members of your account can use it. Members cannot use any app that is not in your allowed list.

Add an allowed app

In the left sidebar on the Zapier home page, click Admin Center.
In the left sidebar under the Governance section, select App permissions.
Click Change to allowed apps to switch to the allowed apps setting. A dialog box will appear.
Click Change to allowed apps to confirm the change.
Click Add app. You'll be redirected to the Add allowed app page.
In the Search for an app field, search for and select the app you want to allow.
Click Add allowed app.
- You'll see a notification if: Any Zaps in your account use the app (those steps were held during Zap runs). You can review the app connections and any associated Zaps on your Apps page. The app is already allowed.
You'll be redirected to the allowance page for the app.
- By default, everyone in your account will have access to the app.

Remove an allowed app

On the Allowed apps page, select the app. You'll be redirected to the allowed page for that app.
In the top right, click Delete app. A dialog box will appear.
Click Yes, delete to confirm.

(Optional) Prohibit specific actions

By default, everyone in your account can use all actions in an allowed app. You can limit which actions, including API requests, members can use as well as add exceptions for specific members and teams.

On the Allowed apps page, select the app that you want to add an exemption to. You'll be redirected to the allowed page for that app.
Select a specific user, team, or Everyone. You'll be redirected to the Actions page for the app.
Select the checkbox next to each action you want to disallow. A menu bar will appear at the bottom of the page.
Select Restrict. A dialog box will appear.
Click Restrict to confirm.

(Optional) Remove prohibitions to specific actions

On the Allowed apps page, select the app that you want to add an exemption to. You'll be redirected to the allowed page for that app.
Select a specific user, team, or Everyone. You'll be redirected to the Actions page for the app.
Select the checkbox next to each action you want to allow. A menu bar will appear at the bottom of the page.
Select Allow. A dialog box will appear.
Click Allow to confirm.

Example

If you add Quickbooks to your allowed apps list, you can add an exception for your accounting team. This will allow only your accounting team to have access to the app. The rest of your account will not be allowed to use the app.
Juana is a member of the Sales team in her company's Zapier account. The Sales team is allowed to use the Create a lead action in Salesforce. If an admin removes Juana's permission to use the Create a lead action, she will still be allowed to use the action because it's permitted for the Sales team, which she is a member of.

Limitations

You can only enable either restricted apps or allowed apps settings. You cannot enable both.
You can switch settings at any time. If you switch to a setting you previously used:
- Your last settings will be pre-populated.
- Any held runs resulting from the previous setting can be replayed as long as the app is now permitted.
Members of your account will still be able to connect their app accounts and use them to set up triggers and actions (including loading or creating test records), but they will not be able to publish and run the Zap. Agents that use a prohibited app may also be impacted.
You can only add an exception for one member or team at a time.
By default, these settings are account-wide. Account admins, super admins, and owners will be affected by these limits unless you add exceptions.

App limitations

You can restrict existing custom actions, but you cannot prevent members from creating new custom actions.

Action prohibitions

You can only restrict actions at this time.
- Triggers are not supported. To restrict triggers, you must remove the app from your allowed list entirely.
- If you restrict all actions for the "Everyone" group, that group will still have access to triggers for the allowed app.
Zapier will default to allowing the broadest permissions for an app.
- This may override a specific restricted action setting you've enabled.

Plan limitations

If your account is on a legacy Company plan with 200,000 tasks or less, you cannot use restricted actions.
If you downgrade your Enterprise account, you will lose access to this feature.

Note

Switching policies can disrupt your workflows. When you change from one policy to another, Zap steps using affected apps may be held, Agents may not run as expected, and members may be unable to publish Zaps until the app is permitted under the new policy. Before switching, identify affected Zaps and Agents, prepare your new app list, and communicate changes to your team. Learn more about what happens when you switch policies.

Next steps

You've configured app access settings for your Enterprise account.

Learn about app access policies to understand how to choose between restricted and allowed apps
Set up Zap approvals to add governance to your workflows
Create teams to organize members and apply app access exceptions

Learn more about Zapier Early Access

Contact Support
Get help from Zapier Support. Contact Support
Visit Community
Find answers and inspiration. Visit Community
Hire an Expert
Leverage professionals across the globe ready to help. Hire an Expert
Zapier Academy
Take courses designed to help you become a better Zapier user. Zapier Academy

Before you begin

Select your app access setting

Restrict apps

Add a restricted app

Remove a restricted app

(Optional) Add member or team exceptions

(Optional) Remove member or team exceptions

Limitations

Plan limitation

Allow apps

Add an allowed app

Remove an allowed app

(Optional) Prohibit specific actions

(Optional) Remove prohibitions to specific actions

Limitations

App limitations

Action prohibitions

Plan limitations

Next steps

Zapier Early Access

Contact Support

Visit Community

Hire an Expert

Zapier Academy