Authorize integration for specific workspaces

We have a customer trying to add our Asana integration, but they are running into a message saying they can’t until one of the workspaces they’ve been invited to approve the HourStack integration.

They have a primary workspace for their company, which is what they want to connect with our integration and then they get invited to other Asana workspaces by their customers. One must be on an enterprise plan since AFAIK that is the only plan that allows a whitelist of integrations for the workspace.

It doesn’t appear that there is a method for approving access to specific workspaces during the OAuth flow so I would expect that Asana would automatically block access to any workspace that doesn’t have the integration whitelisted, but instead, it seems that it is simply blocking the integration from being connected at all unless every workspace the user has access to whitelists the integration.

Of course, they aren’t going to ask their customers to whitelist an integration that isn’t actually going to be used on their workspace. This customer just wants access to their primary workspace and none of their client’s workspaces through our integration.

Is there a workaround available here or is it simply that this customer cannot use any integration that isn’t whitelisted by every workspace they are a member of?

Thanks in advance for any insight or ideas you might have!

Correct, there is not.

I haven’t run into this with my customers but this is a good point/question. @AndrewWong, is there a way to solve this issue that you all know of?

1 Like

@anthonycreek thank you for flagging this! Asana does provide enterprise plan admins the ability to block integrations. This prevents authorizations between users in the workspace and the app. Since auths are connected to the users, this block prevents the user from using the app in any workspace.

The main solution for now would be to request the workspace admin to approve HourStack. Often times admins block apps because they do not know what they are used for or how trustworthy the developer is and if provided the right context and information, may be willing to approve.

We realize this isn’t the ideal behavior and are working on ways to narrow controls to a per workspace basis. We’re working on enhancements to provide more information to admins so they can make a more informed decision about apps, we also encourage developers to have documentation around what data their app uses for what purpose.

1 Like

Thanks for the clarification @TonyC and @Phil_Seeman.