Search overlay panel for performing site-wide searches

Boost Performance & Scale with Postgres Advanced. Join Pilot Now!

Add-on Controls for Pay-As-You-Go Customers

Add-on Controls for Heroku Teams

At Heroku, trust and security are top priorities and we’ve been steadily adding more security controls to the platform. Recently, we launched SSO for Heroku Teams, and today, we’re excited to announce more enhancements for teams: add-on controls. Previously, this feature was only available to Heroku Enterprise customers.

The Elements Marketplace has add-ons built by our partners that help teams accelerate app development on Heroku. Add-ons can interact with your team’s data and apps, so it’s important to manage and audit which add-ons your team uses. Enabling add-on controls helps keep your data and apps protected, so you can remain compliant with your company’s policies.

With today’s announcement, Heroku users with team admin permissions can now control which add-ons their team can use. Enabling this feature restricts non-admin members to only installing add-ons that are on the allowlist.

Setting Up the Allowlist

To begin using add-on controls, a team admin creates a trusted list of add-ons in the Add-on Controls section of the team’s **Settings** page.

To enforce the add-on controls, click Enable Add-ons Allowlisting Restrictions.

image

Enabling add-on controls doesn’t remove existing installed add-ons that aren’t on the allowlist.

Allowlist Exceptions

The Add-on Controls section has an **Allowlist Exceptions** list. This list shows the add-ons currently used in your team’s apps that aren’t allowlisted. Each entry in this list offers a detailed view option, showing you which app has the add-on installed and since when. These entries help you identify unapproved add-ons your team installed prior to enabling controls, or add-ons installed by an admin.

Screenshot 2024-03-11 at 7

Conclusion

At Heroku, we take the security and availability of your apps seriously. Extending add-on controls to Heroku Teams for online customers is yet another step to improving security on Heroku.

If you have any thoughts or suggestions on future reliability improvements we can make, check out our public roadmap on GitHub and submit an issue!