Skip to main content
The Apps panel at /admin/apps gives org Owners and Admins control over which connectors (integrations) are available to team members. Use app controls to standardize your org’s toolset, restrict unauthorized data connections, and pre-configure connectors for all members.
App controls are available to Owner and Admin roles. Standard Members cannot access /admin/apps.

What Are App Controls?

Connectors are the integrations that let ZeroTwo access external services — things like GitHub, Google Drive, Notion, Supabase, Linear, and others. By default, members can connect any available integration to their personal ZeroTwo account. App controls let you change that:
  • Allow specific connectors for your org (and restrict everything else)
  • Block specific connectors you don’t want members using
  • Pre-configure connectors so all members have org-level apps connected by default

Why Use App Controls?

Data Security

Prevent members from connecting personal accounts (social media, personal cloud storage) to a work AI workspace. Keep data flows within approved systems.

Standardization

Ensure your whole team uses the same set of tools. Avoid fragmentation where some members have GitHub connected and others don’t.

Compliance

Some organizations have policies about which external services can access their data. App controls help enforce those policies.

Onboarding

Pre-connect org-level apps so new members are productive from day one without manual setup.

What You Can Do

Allow or Restrict Connectors

You can configure which connectors are available to org members:
  • Allow all — members can connect any supported integration (default behavior)
  • Allow specific — only the connectors you approve are available; others are hidden or blocked
  • Block specific — most connectors remain available, but specified ones are restricted
To configure:
  1. Navigate to /admin/apps
  2. Find the connector you want to manage
  3. Set its status: Allowed, Blocked, or Required
  4. Save — the policy applies to all members

Pre-Connect Org-Level Apps

Some connectors can be configured at the org level so that all members automatically have them connected. This is useful for:
  • Company GitHub — connect your org’s GitHub so all developers have immediate access
  • Shared Google Drive — connect a shared workspace drive for the whole team
  • Project management tools — pre-connect Linear, Notion, or Jira to a shared workspace
To set up a pre-connected org app:
  1. Go to /admin/apps
  2. Find the connector you want to configure org-wide
  3. Add the org-level credentials or OAuth connection
  4. Enable it for all members
  5. New members who join the org will have this connector available automatically

Block Personal Connectors

If your org doesn’t want members connecting personal accounts that fall outside of work use:
  1. Navigate to /admin/apps
  2. Find connectors you want to restrict (e.g., personal Dropbox, Twitter/X, consumer apps)
  3. Set them to Blocked
  4. Members will not be able to connect these services
Communicate connector policies to your team before implementing restrictions. Members may be confused if they try to connect an app and find it blocked. A short team note explaining the policy saves support headaches.

Important Behavior Notes

App control changes affect new connections going forward. Existing personal connections that members have already set up are not automatically removed when you block a connector. To fully remove an existing connection, the member (or an Admin) needs to disconnect it manually from their connector settings.
This means:
  • If you block GitHub today, members who already have GitHub connected retain that connection
  • New connection attempts for blocked connectors will be prevented
  • If you need to remove existing connections, communicate with members to disconnect them, or contact ZeroTwo support for bulk revocation options

Connector Availability by Plan

App controls only apply within the org workspace context. The connectors available for org-level control depend on which integrations ZeroTwo supports. For a full list of supported integrations, see the Integrations section.

Best Practices

Start permissive, then tighten: Rather than blocking everything upfront, start by allowing all connectors and then restrict specific ones as issues or policies arise. This avoids disrupting members’ workflows unnecessarily. Document your connector policy: Maintain an internal doc (or use ZeroTwo itself) to document which connectors are approved, which are blocked, and why. This helps when onboarding new admins or answering team questions. Review periodically: As your team’s tools evolve, review your app control settings. Outdated restrictions may block connectors that are now approved; old org-level connections may need to be updated. Test before broad rollout: When pre-connecting an org-level app, test with one or two members before applying it broadly. Confirm that the credentials have appropriate permissions and that the integration works as expected.

Frequently Asked Questions

Yes. Org-level connectors use a centralized OAuth connection scoped to the org, rather than individual member credentials. Members access the org connector without needing to provide their own credentials for that service.
Members will see that the connector is unavailable. They can reach out to an Admin or Owner to request it be unblocked. There is no built-in request workflow — this is handled outside of ZeroTwo (e.g., via Slack or email).
App controls primarily govern Member access. Owners and Admins managing the /admin/apps panel are not subject to the same restrictions in the same way, as they have elevated access.
Some connector configurations allow you to designate connectors as required or pre-connected for all members. Check the individual connector options in /admin/apps for availability.