You can use app access settings to control which apps members of your Enterprise account can use. You can choose to either restrict or allow apps. You cannot have both settings enabled simultaneously.
When you enabled either the restricted apps or allowed apps setting, you’ll create a list of restricted or allowed apps depending on your settings:
| App access setting | Description | Permitted operations |
| Restricted apps |
|
|
| Allowed apps |
|
|
Available on plans:
Free
Professional
Team
Enterprise
How it works
Members will no longer be able to publish any new or edited Zap that includes a prohibited app. They will see a notification that the app is prohibited.
If an existing Zap includes a prohibited app, it will remain on but steps that use the prohibited app will be held when the Zap runs. When a member views the Zap run details, they will see a notification on the step run indicating that the step was held due to the restricted app. They will not be able to replay the step as long as the app is prohibited.
Prerequisites
- You must be an admin, super admin, or owner of your account to enable this feature.
- Your account must have one or more verified domains.
Select your app access setting
- Go to your account Settings page.
- In the left sidebar under the Admin settings section, select Security and privacy.
- In the Security section, select Allow or restrict apps. You'll be redirected to a new page.
- If:
- Allowed apps is enabled, click Change to restricted apps.
- Restricted apps is enabled, click Change to allowed apps.
Restrict apps
When you restrict an app, no one in your account can use that app. Members can still use any app that is not on your restricted list.
Add a restricted app
- Go to your account Settings page.
- In the left sidebar under the Admin settings section, select Security and privacy.
- Select Allow or restrict app. You'll be redirected to the Restricted apps page.
- Click Add app. You’ll be redirected to the Add restricted app page.
- In the Search for an app field, search for and select the app you want to restrict.
- You’ll see a warning notification if any members are currently using the app.
- You can review the app connections and any associated Zaps on the Apps page.
- Click Add restricted app.
Remove a restricted app
- On the Restricted apps page, select the app. You’ll be redirected to the restriction page for the app.
- In the top right, click Remove APP restriction. A dialog box will appear.
- Click Remove to confirm.
(Optional) Add member or team exceptions
You can create exceptions to your restricted list so specific members or teams are permitted to use the app.
- On the Restricted apps page, select the app. You’ll be redirected to the restriction page for that app.
- In the Allow app for specific members or teams field, search for and select a member or team in your account.
(Optional) Remove member or team exceptions
- On the Restricted apps page, select the app. You’ll be redirected to the restriction page for that app.
- In the Members/teams with access section, click Remove next to the exempted member or team.
- The button will convert to "Are you sure?".
- Click Are you sure? to confirm.
Example
ExampleIf you add Quickbooks to your restricted apps list, you can add an exception for your accounting team. This will give your accounting team access to Quickbooks, while the rest of your account will still be restricted from using the app.
Limitations
- You can only enable either restricted apps or allowed apps settings. You cannot enable both.
- You can switch settings at any time. If you switch to a setting you previously used:
- Your last settings will be pre-populated.
- Any held runs resulting from the previous setting can be replayed as long as the app is now permitted.
- Members of your account will still be able to connect their app accounts and use them to set up triggers and actions (including loading or creating test records), but they will not be able to publish and run the Zap.
- You can only add an exception for one member or team at a time.
- By default, these settings are account-wide. Account admins, super admins, and owners will be affected by these limits unless you add exceptions.
Plan limitation
- If you downgrade your Enterprise account, you will lose access to this feature.
Allow apps
When you add an allowed app, all members of your account can use it. Members cannot use any app that is not in your allowed list.
Add an allowed app
- Go to your account Settings page.
- In the left sidebar under the Admin settings section, select Security and privacy.
- Select Allow or restrict apps. You'll be redirected to the Allowed apps page.
- Click Add app. You’ll be redirected to the Add allowed app page.
- In the Search for an app field, search for and select the app you want to allow.
- Click Add allowed app.
- You'll be redirected to the allowance page for the app.
- By default, everyone in your account will have access to the app.
Remove an allowed app
- On the Allowed apps page, select the app. You’ll be redirected to the allowed page for that app.
- In the top right, click Delete app. A dialog box will appear.
- Click Yes, delete to confirm.
(Optional) Prohibit specific actions
By default, everyone in your account can use all actions in an allowed app. You can limit which actions, including API requests, members can use as well as add exceptions for specific members and teams.
- On the Allowed apps page, select the app that you want to add an exemption to. You’ll be redirected to the allowed page for that app.
- Click Everyone. You’ll be redirected to the Actions page for the app.
- Select the checkbox next to each action you want to disallow.
- At the top of the list, click the selections menu icon to open the dropdown menu.
- Select Restrict. A dialog box will appear.
- Click Restrict to confirm.
Everyone. You’ll be redirected to the Actions page for the app.
to open the dropdown menu.(Optional) Remove prohibitions to specific actions
- On the Allowed apps page, select the app that you want to add an exemption to. You’ll be redirected to the allowed page for that app.
- Click Everyone. You’ll be redirected to the Actions page for the app.
- Select the checkbox next to each action you want to disallow.
- At the top of the list, click the selections menu icon to open the dropdown menu.
- Select Allow. A dialog box will appear.
- Click Allow to confirm.
(Optional) Add member or team exceptions
- In the Allow app for specific members or teams field, search for and select a member or team in your account to except.
- Click Add.
(Optional) Remove member or team exceptions
- On the Allowed apps page, select the member or team. You’ll be redirected to the Actions page for them.
- In the top right, click Remove access. A dialog box will appear.
- Click Remove to confirm.
Example
- If you add Quickbooks to your allowed apps list, you can add an exception for your accounting team. This will allow only your accounting team to have access to the app. The rest of your account will not be allowed to use the app.
- Juana is a member of the Sales team in her company's Zapier account. The Sales team is allowed to use the Create a lead action in Salesforce. If an admin removes Juana's permission to use the Create a lead action, she will still be allowed to use the action because it's permitted for the Sales team, which she is a member of.
Limitations
- You can only enable either restricted apps or allowed apps settings. You cannot enable both.
- You can switch settings at any time. If you switch to a setting you previously used:
- Your last settings will be pre-populated.
- Any held runs resulting from the previous setting can be replayed as long as the app is now permitted.
- Members of your account will still be able to connect their app accounts and use them to set up triggers and actions (including loading or creating test records), but they will not be able to publish and run the Zap.
- You can only add an exception for one member or team at a time.
- By default, these settings are account-wide. Account admins, super admins, and owners will be affected by these limits unless you add exceptions.
App limitations
- You can restrict existing custom actions, but you cannot prevent members from creating new custom actions.
Action prohibitions
- You can only restrict actions at this time.
- Triggers are not supported. To restrict triggers, you must remove the app from your allowed list entirely.
- If you restrict all actions for the "Everyone" group, that group will still have access to triggers for the allowed app.
- Zapier will default to allowing the broadest permissions for an app.
- This may override a specific restricted action setting you've enabled.
Plan limitations
- If your account is on a legacy Company plan with 200,000 tasks or less, you cannot use restricted actions.
- If you downgrade your Enterprise account, you will lose access to this feature.