GITHUB apps can now be installed on Enterprise accounts with new authorizations with which you can call APIs for Enterprise administrations. The public preview of this new access pattern has a limited number of authorizations that unlock considerable automation options. With this version we also introduce a new series of Enterprise -APIS with which you can have the organizations of your company, which Github apps are installed and which access you can access. In this way, you can automatically install, check or manage apps in any organization. Say goodbye to click on hundreds of installation buttons!
In addition, corporate github apps can now be managed individually by users. An enterprise owner can assign an enterprise member as a manager of a company app. Further information on Enterprise app managers can be found under “Add and remove Github -app managers in your company”.
Enterprise installations
Apps belonging to a company organization or a company organization can now request a new “company” remalies. Enterprise owner now see your company listed as a valid installation target during the app installation for apps that belong in your company.
At the moment, companies can only install apps that belong to the company or organizations of the company. We will raise this restriction in the future if we expand the controls with these applications.
Access patterns for company installations
Enterprise installations grant the app access to the Enterprise account itself, but do not act as installations within the individual organization or repository. If you have to access organization or repository data, your app must be installed directly on these organizations. Fortunately, this preview with tools contains exactly with this need!
You can use the standard installation token pattern to get a token for your app that aims at a company or register in a user via Oauth to act on your name where your app is installed. For apps that are installed in both a company and in organizations, a user token can access both resource rates without any problems, provided the user also has the corresponding permissions.
Enterprise installations have their own tariff -limit budget, which is separated from the organization or the user installations. Each installation is budgeted 15,000 inquiries or 10,000 points per hour, the same budget as installing the company plan organization.
Enterprise installations cannot subscribe to webhooks at this time. If you need Enterprise Webhooks for your application, create an Enterprise Webhook subscription and let your application react to it.
Enterprise app permissions
Like organizations and repositories, access to companies is carried by fine -grained authorizations that the application must be granted to access or manage resources. Each API has a corresponding number of permissions required for access. This public preview starts with five new authorization rates for companies that unlock highly used APIs, as well as a new API to automate the installation of Github apps in your company.
We will continue to add fine-grained permissions to Enterprise API on Github to ensure that you can use all Github apps. Our goal is to increase support for the necessary automation scenarios and to continue to move away from Pats (Classic).
Github app installation management
A new one /organization-installations With the rest API you can display and control any Github app installation of the organizations of your company. You can install new Github apps in an organization, control which repositories apps access and uninstall them. Two permissions control these APIs:
- Installations of the company organization (reading/writing): Enables your app to display, create, edit and remove installations in your company. This is a very powerful writing authorization because it can be used to install applications with authorizations of the organizational administration and the reading letter for every repository. If it is granted as writing -protected permission, it is very useful for checking applications in your company. This approval contains the corresponding
Enterprise organization installation repositoriesReading or writing permission. - Repositories for company organization installation (reading/writing): This is a subgroup of the
Enterprise organization installationPermission to give only the possibility to change the possibility of which repositories have an installation to access, but not the option of installing new apps or uninstalling other apps. If you have access patterns that are based on apps, access to certain repository, this can help to automate this work without using pats and without the risk of new apps.
To find out how to use these permissions, see the API documentation for /organization-installations.
Enterprise Custom properties
The APIS -APIs for Enterprise Custom Properties support Github apps. Your app can use this APIS with the custom properties Permission to manage custom repository properties at the level of the company level.
Enterprise SSO and SCIM management
Enterprise Access Management via OIDC, Saml and Scim can now be managed by a Github app. The SCIM authorization is only available for Enterprise Managed User (EMU) Enterprises at the time, while SSO authorization is available to all companies.
Note: For Emus, the SSO setup still has to be completed by the first admin setup user. The new corporate permissions do not replace this requirement. The SCIM permit is currently only displayed for the Emus, since the SCIM is not yet supported in non-EMU companies.
Enterprise People Management
Github apps can now automate and control the invitation from users to your company whether it is a company owner or not. You can use this to create a JIT increase system that makes a user a company owner for a short time, or simply use it to inquire about your Enterprise members.
The GraphQL edges and mutations with which these permissions work are:
Create and remove organizations for your company
Github apps can now create organizations in their company and remove them. This approval is only available in a writing version because it does not support reading functions.
The GraphQL mutations with which these permissions work are:
If an app creates an organization, it must continue to provide a user as the first owner of this organization. In addition, it does not receive any permissions against this new organization – the management of the organization must be used with an application, which is then installed on this organization.
Provide use of company installations and feedback
We will continue to announce new API support for Github apps if new authorizations enter into online. If you only need another API that has completed your automation, or you find that permission does not allow you to access you had hoped for, we would like to listen to your feedback in our community discussions. We prioritize the APIs, which see the greatest traffic and the core scenarios for corporate management.
For more information about Enterprise installations, see “Install a Github app in your company”.