Enterprise Apps and installation automation (Preview) #963
Labels
all
Product SKU: All
cloud
Available on Cloud
enterprise administration
Feature: Enterprise server administration
GitHub Apps
Feature: GitHub Apps
github enterprise
Product SKU: GitHub Enterprise
preview
Feature phase: Preview
Comments
github-product-roadmap
added
all
blakebrunson
changed the title
# for free
to subscribe to this conversation on GitHub.
Already have an account?
#.
Summary
GitHub apps will be able to call APIs on the enterprise object, by being installed on an enterprise and granted new, fine-grained permissions that control access to the Enterprise. This allows administrators to deprecate the use of PATs (classic) and OAuth apps to manage their enterprises.
Intended Outcome
GitHub apps need to be able to operate at the Enterprise layer in order to best automate enterprise operations like managing settings, provisioning users, and reading the audit log. This update helps remove one of the last reasons developers and administrators are forced to use OAuth apps instead of the more secure and manageable GitHub app platform.
How will it work?
App developers will be able to specify Enterprises as a resource target, similar to how organizations and users are selected today. New fine-grained permissions (such as
enterprise_audit_log:read) will be created, which administrators can then grant to apps installed on their enterprise.The initial permission that this will ship with is the ability to manage GitHub Apps installed on organizations in the enterprise. This will allow administrators to automate the installation, uninstallation, and blocking of apps within their enterprise. Note, though, that this is an enterprise-level access still and "Enterprise apps" don't otherwise get access to organizations in the enterprise.
The text was updated successfully, but these errors were encountered: