Admin security controls

In this article, you'll learn how to edit guest invite settings, controls for file attachments, team privacy settings, and how to define your organization's admins and super admins.

Related articles

Manage organization admins

From your admin console, you can determine your organization’s admins and super admins. From the Security tab, under Admin Controls, click Admin access to determine the admins for your organization. 

organizations admins

Organization admins have edit access to the company’s mission statement.

Guest invite settings

Super admins of Asana Enterprise and Enterprise+ tiers, as well as legacy tier Legacy Enterprise organizations or divisions can control who can invite organization guests (those without a company email address) into your Asana organization. Super admins can select one of these options:

  • Admins only

  • Admins and members

  • Admins, members, and guests

To enable one of these options, navigate to the Security tab of the admin console, click Admin Controls, and click Guest invite settings.

Once this has been enabled, those who no longer have the ability to invite organization guests will receive an error message when trying to do so.

Trusted guest domains

Available on the Asana Enterprise+ tier.

Admins and super admins can create a list of approved external domains from which users with guest invite permissions can invite guests. 

Guest invites can only be sent to those email domains on the approved list, ensuring greater security and control over your organization's collaborations. If a user attempts to send a guest invite to someone from an unlisted domain, they will receive an error message.

Setting up trusted guest domains

Trusted guest domains can only be enabled if guest invite permissions are set to Admins and members or Admins, members, and guests. The feature cannot be activated if guest invite permissions are set to Admins only.



  1. Navigate to the Security tab of the Admin Console
  2. Under Admin Controls, click Guest invite settings
  3. Within the Trusted guest domains section, select Only trusted domains
  4. Click Add domains and type in the domains you trust. Click Add domains again to confirm.

Ensure the domains are an exact match. Adding the domain does not cover subdomains like or Such subdomains must be added separately.


Removing trusted guest domains

Find the domain in the list you want to remove, click the trash icon, and confirm your choice by pressing save.

Deactivating the trusted guest domains feature:

To revert the settings, simply switch the trusted guest domains control back to Any domain.

Disabling file attachments

The ability to disable file attachments is available to super admins on the Asana Enterprise+ tier, as well as legacy tier Legacy Enterprise.

The disabling file attachments feature allows super admins to ensure that Asana implementations across their organization meet all security and consistency requirements related to blocking any file attachments that are restricted as per their company’s security policies and preferred file integrations.

This feature gives better controls at a domain level to ensure strict upload policies in accordance with their organizational requirements.

IT admins will also have a quick way to enable or disable one or more or all of computer, Dropbox, Google Drive, Box and Onedrive / Sharepoint upload sources as per their company’s IT security policies and have it applied across all Asana product surface areas where attachments can be added.

How to access your file attachment options

Super admins can access their file attachments options settings through the Security tab of their admin console.

From the Security tab, scroll down to Admin controls and click File attachment options.

File attachment options

The default setting is all attachments are enabled.

File attachment options 2

From the next window, you can select your file attachment preferences.

Unchecking “Allow attachments from Asana apps, API, and other features”

unchecking attachments

Deselecting this will disable attachment types on

  • Web attachments
  • Mobile
  • API
  • Copy and paste
  • Forms
  • Drag and drop
  • Email forwarding

Disabling attachments from third party apps

To prevent the ability to attach files from third-party apps, you can block them from the Apps tab or select the desired app from the pop-up window. This means that the ability to add attachments from Dropbox, Google Drive, Box, and OneDrive/ SharePoint will no longer be allowed.

Disabling attachments on mobile

There’s no differentiation on the mobile app on attachments between uploads from third party apps and attachments from the device. This is because everything downloads to the device first.

The only way to disable on mobile is by disabling allow attachments from Asana's apps, API, and other features.

disabling file attachments on mobile

Team privacy settings

Super admins for Enterprise and Enterprise+, as well as legacy tier Legacy Enterprise organizations can set a default privacy level for teams in their organization.

When set, this will be the pre-selected option when creating a new team. Team creators can still create teams with other privacy levels as they choose.

To set your default privacy settings navigate to your admin console and click on the Security tab. Then, click on Team privacy settings.

team privacy settings 2

From the next tab, you can select your default setting.

Was this article helpful?

Thanks for your feedback