If your app users are all part of a corporate domain, you can use domain security groups to control access to an AppSheet app.

The advantage of this approach is that access control decisions can be made at one spot rather than in each app. For example, if there is a domain security group called 'Admins', you can set up your app to only be accessible to members of this group. As specific employees are added or removed from the group, their access to the app dynamically changes as well.

Using domain groups requires a corporate plan. Further, the app creator account needs to have permissions to read the list of groups from the domain and to read the membership of individual groups. To set this up:

  1. In the Account page, go to the Auth Domains tab and add a new auth source. By adding an auth source, you are giving AppSheet permissions to read the list of groups and the group membership for any domains that your account has access to.
  2. In the app editor, go to the Security tab and the Domain Integration pane. Enable the option to require domain authentication. You will then need to choose the domain auth source (what you added in step 1), the domain name (eg: mycompany.com) and the group name (eg: Admins)
  3. Save your changes

Your app is now accessible to anyone explicitly on the user whitelist and additionally to anyone in the domain security group chosen. It would be a recommended good practice to remove users from the whitelist and manage security entirely through the domain security group.

Did this answer your question?