- Type: Suggestion
- Resolution: Unresolved
- Component/s: Enterprise - Power-Up Administration
- None
User Problem
Enterprise admins need to maintain strict control over third-party app authorisations to protect organisational data. Currently, enabling the global block on third-party tokens in Trello Enterprise prevents all users from authorising any non-Atlassian integrations—including Power-Ups that have already been allowlisted by the admin team. The business need is to allow users to authorise only those Power-Ups that have been explicitly allowlisted, while continuing to block authorisation for all other third-party apps.
This level of granular control is essential for organisations with large user bases that want to permit certain vetted integrations without taking on the risk associated with general third-party token creation.
Suggested Solutions
- Add an option in the Enterprise Admin Dashboard to allow managed users to authorise only those third-party Power-Ups that are on the organisation’s allowlist.
- Block token authorisation only for Power-Ups and apps that are not allowlisted.
- Provide clear UI feedback for both admins and end-users about which Power-Ups are authorised and which are blocked due to admin policy.
Current Workarounds
- None available. Currently, admins must choose between blocking all third-party token creation (which prevents even allowlisted Power-Ups from functioning properly) or allowing all third-party tokens (which increases security risk and reduces admin control).