Organization owners can enable third-party access restrictions to prevent untrusted applications from accessing the organization's resources while allowing organization members to use third-party applications for their personal accounts.

When you create a new organization, third-party applications are restricted by default. Organization admins can disable third-party application restrictions at any time.


  • Enabling third-party application restrictions will revoke organization access for all previously authorized applications and SSH keys. For more information, see "About third-party application restrictions."

  • Once you've set up access restrictions, make sure to re-authorize any applications that require access to the organization's private data on an ongoing basis. All organization members will need to create new SSH keys, and the organization will need to create new deploy keys as needed.

  1. In the top right corner of GitHub, click your profile photo, then click Your profile. Profile photo

  2. On the left side of your profile page, under "Organizations", click the icon for your organization. organization icons

  3. Under your organization name, click Settings. Organization settings button

  4. In the Settings sidebar, click Third-party access. Third party access sidebar

  5. Under "Third-party application access policy," click Setup application access restrictions. Set up restrictions button

  6. After you review the information about third-party access restrictions, click Restrict third-party application access. Restriction confirmation button