Manage access to apps in Zapier

When planning how your teams will use Zapier, one of the most important decisions is how you'll handle apps across your organization. You have two main choices: an open apps policy (where apps are allowed by default) or a closed apps policy (where apps are restricted by default). An open policy lets team members quickly adopt and change the apps they connect with Zapier. A closed policy ensures tighter control by only allowing a small, carefully curated list of apps to be used.

You can use app access settings to control which apps members of your Enterprise account can use in Zaps and Agents. You can choose to either restrict apps (an open policy) or allow apps (a closed policy).

How it works

When you enable either the restricted apps or allowed apps setting, you’ll create a list of restricted or allowed apps depending on your settings:

Restricted apps
  Description:
    • Members can use any app on Zapier unless it’s on your restricted list.
    • App access is open but with restrictions.
    • This setting is enabled by default.
  Permitted operations:
    • Add restricted apps.
    • Add member or team exceptions.

Allowed apps
  Description:
    • Members can only use apps on your allowed list.
    • App access is closed except where you’ve allowed access.
  Permitted operations:
    • Add allowed apps.
    • Prohibit specific actions in an allowed app.
    • Add member or team exceptions.

Members will no longer be able to publish any new or edited Zap that includes a prohibited app, and Agents that use a prohibited app may not run as expected. They will see a notification that the app is prohibited. If an existing Zap includes a prohibited app, it will remain on but steps that use the prohibited app will be held when the Zap runs. When a member views the Zap run details, they will see a notification on the step run indicating that the step was held due to the restricted app. They will not be able to replay the step as long as the app is prohibited.

You cannot have both settings enabled simultaneously.

Why manage app access?

App usage in Zapier is driven by your day-to-day business processes (like "quote to cash" or "lead routing") which remain relatively consistent. However, the tools you use to perform these steps evolve as your company's tech stack changes.

Your app access policy should balance three factors:

  • Speed and innovation: How quickly teams can adopt new tools and experiment.
  • Security and compliance: How well you control data flows and maintain regulatory requirements.
  • Governance: Who approves new tools and how oversight works.
Restricted apps
  Pros:
    • Your organization wants to promote agility, experimentation, and autonomy.
    • You're comfortable with a "trust but verify" approach.
    • Your teams value speed and flexibility over strict control.
    • You have moderate compliance requirements.
    • You want to support experimentation with minimal barriers.
    • If desired, an admin can set up an approval process so that new Zaps still require a final check before going live.
  Cons:
    • Requires trust that team members follow best practices.
    • Can potentially result in "app sprawl" if not monitored.
    • May require ongoing administrative oversight.

Allowed apps
  Pros:
    • Your organization has strict compliance and security requirements (examples include industries like financial services and healthcare).
    • You need to ensure only vetted or official tools are used.
    • Data security and compliance demands strict controls.
    • You want consistent tools across your organization.
    • You want admins to have full visibility and control over which apps are used in your account.
  Cons:
    • Can slow adoption of new tools.
    • Requires more administrative oversight.
    • Can create friction for teams that need special apps.

How to choose your app policy

Planning how your team will access and use apps through Zapier is crucial to scaling your automation strategy. Follow these steps to determine which policy is right for your organization:

1. Understand your business processes

Processes like "quote to cash" or "lead routing" have fundamental steps that remain consistent: capturing information, approving or assigning items, and moving them through a pipeline. The tools used in these steps can vary and may shift as your company's tech stack evolves. When evaluating your app policy, consider how tightly these processes need to be controlled.

2. Evaluate your organization's approach to innovation

Assess how quickly your teams need or want to adopt new tools. If your organization embraces citizen development where individual teams or power users can adopt new tools quickly, an open policy may be more suitable. If you work in a highly regulated or compliance-oriented industry, you might prefer a closed policy where every app must be explicitly allowed.

3. Determine your compliance requirements

Assess your industry's or organization's compliance and security needs. Heavily regulated fields, like financial services or healthcare, often require strict approval flows. A closed policy (allowed apps) is useful here because, by default, employees cannot connect apps unless they are approved and added to the allowlist. For fields with moderate compliance requirements, and where faster innovation is more important, an open policy (restricted apps) with Zapier's built-in approvals feature may strike the right balance.

4. Plan your app policy structure

Once you've identified your general approach, set up your app policies in Zapier.

5. Verify your policy with approval flows

No matter which policy you choose, you can use Zap approvals to add an extra governance layer. This allows open experimentation while maintaining oversight: team members create Zaps freely, but admins review before Zaps publish and run.

Note

Over time, your needs may change. Many organizations start with an open policy and gradually tighten it as they learn which apps are used most frequently. Others begin closed and gradually allow more apps as they gain confidence in their processes.

Prerequisites

  • You must be an admin, super admin, or owner of your account to enable this feature.
  • Your account must have one or more verified domains.

Select your app access setting

  1. Go to your account Settings page.
  2. In the left sidebar under the Admin settings section, select Security and privacy.
  3. In the Security section, select Allow or restrict apps. You'll be redirected to a new page.
  4. If:
    • Allowed apps is enabled, click Change to restricted apps.
    • Restricted apps is enabled, click Change to allowed apps.

Restrict apps

When you restrict an app, no one in your account can use that app. Members can still use any app that is not on your restricted list.

Add a restricted app

  1. Go to your account Settings page.
  2. In the left sidebar under the Admin settings section, select Security and privacy.
  3. Select Allow or restrict apps. You'll be redirected to the Restricted apps page.
  4. Click Add app. You’ll be redirected to the Add restricted app page.
  5. In the Search for an app field, search for and select the app you want to restrict.
    • You’ll see a warning notification if any members are currently using the app.
    • You can review the app connections and any associated Zaps on the Apps page.
  6. Click Add restricted app.

Remove a restricted app

  1. On the Restricted apps page, select the app. You’ll be redirected to the restriction page for the app.
  2. In the top right, click Remove APP restriction. A dialog box will appear.
  3. Click Remove to confirm.

(Optional) Add member or team exceptions

You can create exceptions to your restricted list so specific members or teams are permitted to use the app.

  1. On the Restricted apps page, select the app. You’ll be redirected to the restriction page for that app.
  2. In the Allow app for specific members or teams field, search for and select a member or team in your account.

(Optional) Remove member or team exceptions

  1. On the Restricted apps page, select the app. You’ll be redirected to the restriction page for that app.
  2. In the Members/teams with access section, click Remove next to the exempted member or team.
  3. The button will convert to "Are you sure?".
  4. Click Are you sure? to confirm.
Example

If you add QuickBooks to your restricted apps list, you can add an exception for your accounting team. This will give your accounting team access to QuickBooks, while the rest of your account will still be restricted from using the app.

Limitations

  • You can enable either the restricted apps setting or the allowed apps setting. You cannot enable both.
  • You can switch settings at any time. If you switch to a setting you previously used:
    • Your last settings will be pre-populated.
    • Any held runs resulting from the previous setting can be replayed as long as the app is now permitted.
  • Members of your account will still be able to connect their app accounts and use them to set up triggers and actions (including loading or creating test records), but they will not be able to publish and run the Zap. Agents that use a restricted app may also be impacted.
  • You can only add an exception for one member or team at a time.
  • By default, these settings are account-wide. Account admins, super admins, and owners will be affected by these limits unless you add exceptions.

Plan limitation

  • If you downgrade your Enterprise account, you will lose access to this feature.

Switch between app access policies

You can switch between restricted apps and allowed apps at any time. However, switching policies can impact your existing Zaps and Agents.

What happens when you switch

From restricted apps to allowed apps

  • Any published Zap that uses an app not on your allowed list will remain on, but steps using that app will be held when the Zap runs.
  • Agents that use an app not on your allowed list may not run as expected.
  • Members will not be able to publish new or edited Zaps that include apps not on the allowed list.

From allowed apps to restricted apps

  • Zaps and Agents that previously used prohibited apps can run again, unless those apps are now on the restricted list.
  • Any held runs from the previous policy can be replayed as long as the app is now permitted.

Before you switch

To minimize disruption to your workflows:

  1. Identify affected Zaps and Agents. Review your Apps page to see which apps are connected and used in Zaps and Agents across your account.
  2. Prepare your new app list. If switching to allowed apps, add all the apps your team currently uses to the allowed list before completing the switch. If switching to restricted apps, review which apps should be restricted.
  3. Communicate with your team. Let members know about the upcoming change and any apps that will be impacted.
  4. Plan for held runs. After switching, monitor your account for held Zap runs and Agent issues. You can replay held runs once the affected apps are permitted under the new policy.
Note

App access policies affect both Zaps and Agents. When planning a policy change, review both your Zaps and Agents to ensure all workflows continue to run as expected.
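One way to preview the effect described under "What happens when you switch" before changing policy, as an added Python sketch that is not Zapier code and does not call any Zapier API. The inventory format, the member and team names, and the rule that an exception is matched against a Zap's owner and teams are assumptions; only restricted-list exceptions are modeled.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    mode: str        # "restricted" (open policy) or "allowed" (closed policy)
    apps: frozenset  # the restricted list or the allowed list
    # Restricted-list exceptions: app -> members/teams still permitted to use it.
    exceptions: dict = field(default_factory=dict)

def permitted(policy, app, member, teams=()):
    """Return True if `member` (belonging to `teams`) may use `app`."""
    if policy.mode == "allowed":
        return app in policy.apps
    if policy.mode == "restricted":
        exempt = policy.exceptions.get(app, set()) & ({member} | set(teams))
        return app not in policy.apps or bool(exempt)
    raise ValueError(f"unknown mode: {policy.mode!r}")

def held_steps(policy, zaps):
    """Map Zap name -> sorted apps whose steps would be held under `policy`.
    Assumption: a step is evaluated against the Zap owner's exceptions."""
    report = {}
    for zap in zaps:
        blocked = sorted({a for a in zap["apps"]
                          if not permitted(policy, a, zap["owner"], zap["teams"])})
        if blocked:
            report[zap["name"]] = blocked
    return report

def apps_to_add(zaps, proposed_allowed):
    """Apps currently in use that the proposed allowed list is missing."""
    in_use = {a for zap in zaps for a in zap["apps"]}
    return sorted(in_use - set(proposed_allowed))

# Constructed inventory (hand-written sample, not a Zapier export format).
ZAPS = [
    {"name": "Invoice sync", "owner": "dana", "teams": ["accounting"],
     "apps": ["QuickBooks", "Slack"]},
    {"name": "Lead routing", "owner": "lee", "teams": ["sales"],
     "apps": ["Gmail", "Slack"]},
    {"name": "Expense report", "owner": "lee", "teams": ["sales"],
     "apps": ["QuickBooks", "Gmail"]},
]
CURRENT = Policy("restricted", frozenset({"QuickBooks"}), {"QuickBooks": {"accounting"}})
PROPOSED = Policy("allowed", frozenset({"Slack", "QuickBooks"}))

if __name__ == "__main__":
    print("held today:", held_steps(CURRENT, ZAPS))
    print("held after switch:", held_steps(PROPOSED, ZAPS))
    print("add before switching:", apps_to_add(ZAPS, PROPOSED.apps))
```

Any app returned by `apps_to_add` is one to add to the allowed list before completing the switch, as step 2 above recommends.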

Planning how your team will access and use apps through Zapier is crucial to scaling your automation strategy. By choosing an open policy, you empower quick experimentation and innovation with minimal friction. This is ideal for organizations embracing citizen development. Alternatively, a closed policy gives you tighter control and ensures compliance, ideal for industries that need more stringent oversight.

No matter which approach you pick, Zapier's approvals feature provides additional governance so that you can fine-tune your workflows, maintain security, and keep your automation strategy aligned with your organizational goals.
