Commit fcb5246

hpsin and isaacmbrown authored
Enterprise installations for GitHub Apps and enterprise app managers (#56338)
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: isaacmbrown <isaacmbrown@github.com>
1 parent 1e40010 commit fcb5246

49 files changed, +294 -105 lines changed

@@ -0,0 +1,45 @@
1+
---
2+
title: Adding and removing GitHub App managers in your enterprise
3+
intro: 'Enterprise owners can grant or revoke access for a user to manage individual {% data variables.product.prodname_github_apps %} owned by the enterprise.'
4+
versions:
5+
feature: enterprise-app-manager
6+
type: how_to
7+
topics:
8+
- Enterprise
9+
- GitHub Apps
10+
permissions: Enterprise owners.
11+
shortTitle: Enterprise App managers
12+
---
13+
14+
## About {% data variables.product.prodname_github_app %} managers
15+
16+
Enterprise owners can designate other users in their enterprise as {% data variables.product.prodname_github_app %} managers for individual apps. {% data variables.product.prodname_github_app %} managers can manage the settings of specific {% data variables.product.prodname_github_app %} registrations that are owned by the enterprise. The {% data variables.product.prodname_github_app %} manager role does not grant recipients access to install and uninstall {% data variables.product.prodname_github_apps %} on an enterprise or organization. For more information about the specific app settings that {% data variables.product.prodname_github_app %} managers can control, see [AUTOTITLE](/apps/maintaining-github-apps/modifying-a-github-app).
17+
18+
When an enterprise app manager adds permissions to a {% data variables.product.prodname_github_app %}, the update is automatically accepted in all organizations where the app manager is also an organization owner. When an enterprise owner adds permissions to a {% data variables.product.prodname_github_app %}, the update is automatically accepted in all organizations regardless of their organization membership.
19+
20+
## Granting the ability to manage an individual {% data variables.product.prodname_github_app %}
21+
22+
{% data reusables.enterprise-accounts.access-enterprise %}
23+
{% data reusables.enterprise-accounts.settings-tab %}
24+
{% data reusables.enterprise-accounts.github-apps-tab %}
25+
26+
1. Under "{% data variables.product.prodname_github_apps %}", click on the avatar of the app you'd like to add a {% data variables.product.prodname_github_app %} manager for.
27+
1. In the left sidebar, click **App managers**.
28+
1. At the bottom of the "App managers" section, in the search field, type the username of the person you want to designate as a GitHub App manager for the app, then click **Grant**.
29+
30+
The user must be a member of the enterprise to be granted {% data variables.product.prodname_github_app %} manager permissions.
31+
32+
## Removing managers from an individual {% data variables.product.prodname_github_app %}
33+
34+
{% data reusables.enterprise-accounts.access-enterprise %}
35+
{% data reusables.enterprise-accounts.settings-tab %}
36+
{% data reusables.enterprise-accounts.github-apps-tab %}
37+
38+
1. Under "{% data variables.product.prodname_github_apps %}", click on the avatar of the app you'd like to remove a {% data variables.product.prodname_github_app %} manager from.
39+
1. In the left sidebar, click **App managers**.
40+
1. Under "App managers", next to the person you want to remove {% data variables.product.prodname_github_app %} manager permissions from, click **Revoke**.
41+
42+
## Further reading
43+
44+
* [AUTOTITLE](/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise)
45+
* [AUTOTITLE](/apps/maintaining-github-apps/about-github-app-managers)
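
Review bot: The "About" paragraph on new line 16 says managers can "manage the settings" of an app but never mentions credentials, while Step 1a added to creating-github-apps-for-your-enterprise.md in this same commit says app managers "can manage the app's settings and credentials". This is the page an enterprise owner reads before clicking **Grant**, so state the credential access here as well to make the scope of the delegation explicit. On line 18, "regardless of their organization membership" has an unclear antecedent; "regardless of the enterprise owner's organization membership" is unambiguous. Line 28 hardcodes "GitHub App manager" where every other mention uses {% data variables.product.prodname_github_app %}, and the membership requirement on line 30 would be easier to act on if it came before the numbered steps.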

content/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise.md

Lines changed: 12 additions & 5 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Creating GitHub Apps for your enterprise
3-
intro: 'Learn how to create a {% data variables.product.prodname_github_app %} for organizations within your enterprise.'
3+
intro: 'Learn how to create a {% data variables.product.prodname_github_app %} for your enterprise.'
44
versions:
55
feature: enterprise-apps-public-beta
66
type: how_to
@@ -10,13 +10,18 @@ permissions: Enterprise owners.
1010
shortTitle: Create a GitHub App
1111
---
1212

13-
You can create a {% data variables.product.prodname_github_app %} under your enterprise account. The app can only be installed on organizations within your enterprise, and can only be authorized by members of your enterprise. The app can't be installed on user accounts.
13+
You can create a {% data variables.product.prodname_github_app %} under your enterprise account. The app can only be installed on{% ifversion enterprise-installed-apps %} your enterprise or{% endif %} organizations within your enterprise, and can only be authorized by members of your enterprise. The app can't be installed on user accounts.
1414

1515
## Step 1: Registering a {% data variables.product.prodname_github_app %}
1616

1717
To create a {% data variables.product.prodname_github_app %}, you must first register the app. See [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/registering-a-github-app).
1818

1919
Apps can also be transferred to an enterprise from a member or organization. To transfer an app, see [AUTOTITLE](/apps/maintaining-github-apps/transferring-ownership-of-a-github-app).
20+
{%- ifversion enterprise-app-manager %}
21+
22+
### Step 1a: Adding an enterprise app manager
23+
24+
Enterprise owners can add enterprise members to an app as an app manager. App managers can manage the app's settings and credentials, but cannot install the app. For more information, see [AUTOTITLE](/apps/maintaining-github-apps/about-github-app-managers).{% endif %}
2025

2126
## Step 2: Building a {% data variables.product.prodname_github_app %}
2227

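Review bot: Step 1a on new lines 22-24 tells enterprise owners they can add app managers but links only to /apps/maintaining-github-apps/about-github-app-managers, not to the how-to that this commit registers in index.md as /adding-and-removing-github-app-managers-in-your-enterprise. Link the procedure here so the step is actionable, and consider marking the heading as optional since registering an app does not require a manager. The closing {% endif %} is appended to the end of the line 24 paragraph, while the block added to about-creating-github-apps.md in this commit puts it on its own line; pick one style.
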
@@ -30,11 +35,11 @@ After registering a {% data variables.product.prodname_github_app %}, you will w
3035

3136
You should aim to follow best practices. See [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/best-practices-for-creating-a-github-app).
3237

33-
## Step 3: Authorizing or sharing your {% data variables.product.prodname_github_app %}
38+
## Step 3: Authorizing or installing your {% data variables.product.prodname_github_app %}
3439

35-
Once your {% data variables.product.prodname_github_app %} is registered, you'll need to make it available to organizations in your enterprise, either through **authorization** or **installation**, depending on the app’s purpose.
40+
Once your {% data variables.product.prodname_github_app %} is registered, you'll need to make it available for use, either through **authorization** or **installation**, depending on the app’s purpose.
3641

37-
Enterprise owners can modify the permissions for apps owned by their enterprise at any time. Permissions changes will be automatically accepted by organizations in the enterprise.
42+
Enterprise owners {% ifversion enterprise-app-manager %}and app managers {% endif %}can modify the permissions for apps owned by their enterprise at any time. Permissions changes will be automatically accepted by organizations in the enterprise{% ifversion enterprise-app-manager %} if the change was made by the enterprise owner. Otherwise, the changes will be accepted only where the app manager is also an organization owner, and an organization owner must accept the update request for all other organizations{% endif %}.
3843

3944
### Step 3a: Authorizing your {% data variables.product.prodname_github_app %}
4045

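Review bot: On new line 42 the acceptance rule is hard to follow once the {% ifversion enterprise-app-manager %} text renders: "if the change was made by the enterprise owner. Otherwise, ..." leaves the reader to infer that "Otherwise" means an app manager made the change. This sentence decides where a permission increase takes effect without an organization owner's approval, so spell out both cases, for example: "Changes made by an enterprise owner are automatically accepted by all organizations in the enterprise. Changes made by an app manager are automatically accepted only in organizations where that app manager is also an organization owner, and an organization owner must accept the update request in all other organizations." Also prefer "an enterprise owner" over "the enterprise owner", to match the "Enterprise owners" that opens the sentence.
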
@@ -47,3 +52,5 @@ For apps that require installation to function, you can provide organization own
4752
## Step 4: Installing your {% data variables.product.prodname_github_app %} (if required)
4853

4954
If your {% data variables.product.prodname_github_app %} requires installation (not just authorization), organization owners can use the install link to install the app on their organization. See [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-from-a-third-party).
55+
56+
{% ifversion enterprise-installed-apps %}If your app uses enterprise permissions, you can install it on your enterprise. To find the installation link, go to the app's settings page in your enterprise account. See [AUTOTITLE](/apps/using-github-apps/installing-a-github-app-on-your-enterprise).{% endif %}
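
Review bot: The paragraph added on line 56 says "you can install it on your enterprise" without saying who "you" is. The preceding paragraph names organization owners as the installers for organizations, and Step 1a in this file says app managers cannot install the app, so state which role can perform the enterprise installation.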

content/admin/managing-your-enterprise-account/index.md

Lines changed: 1 addition & 0 deletions
@@ -11,5 +11,6 @@ children:
1111
- /deleting-an-enterprise-account
1212
- /changing-the-url-for-your-enterprise
1313
- /creating-github-apps-for-your-enterprise
14+
- /adding-and-removing-github-app-managers-in-your-enterprise
1415
shortTitle: Manage enterprise account
1516
---

content/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps.md

Lines changed: 10 additions & 6 deletions
@@ -31,10 +31,10 @@ Common use cases for {% data variables.product.prodname_github_apps %} include:
3131

3232
Like {% data variables.product.prodname_oauth_apps %}, {% data variables.product.prodname_github_apps %} use OAuth 2.0 and can act on behalf of a user. Unlike {% data variables.product.prodname_oauth_apps %}, {% data variables.product.prodname_github_apps %} can also act independently of a user.
3333

34-
{% data variables.product.prodname_github_apps %} can be installed directly on organizations and personal accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions.
34+
{% data variables.product.prodname_github_apps %} can be installed directly on {% ifversion enterprise-installed-apps %}enterprises, {% endif %}organizations and personal accounts and granted access to specific repositories. They come with built-in webhooks and narrow, specific permissions.
3535

3636
{% ifversion enterprise-apps-public-beta %}
37-
You can also create an enterprise-owned {% data variables.product.prodname_github_app %} that can only be installed on organizations within your enterprise, and can only be authorized by members of your enterprise. For more information, see [AUTOTITLE](/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise).
37+
You can also create an enterprise-owned {% data variables.product.prodname_github_app %} that can only be installed on{% ifversion enterprise-installed-apps %} the enterprise itself or{% endif %} organizations within your enterprise, and can only be authorized by members of your enterprise. For more information, see [AUTOTITLE](/admin/managing-your-enterprise-account/creating-github-apps-for-your-enterprise).
3838
{% endif %}
3939

4040
{% data reusables.apps.app_manager_role %}
@@ -47,11 +47,11 @@ Then, you need to write code to add functionality to your {% data variables.prod
4747

4848
Once you have written the code for your {% data variables.product.prodname_github_app %}, your app needs to run somewhere. If your app is a website or web app, you might host your app on a server like [Azure App Service](https://azure.microsoft.com/products/app-service/). If your app is a client-side app, it might run on a user's device.
4949

50-
To use your {% data variables.product.prodname_github_app %}, you need to install it on your organization or personal account.
50+
To use your {% data variables.product.prodname_github_app %}, you need to install it on your {% ifversion enterprise-installed-apps %}enterprise, {% endif %}organization or personal account.
5151

52-
* If your {% data variables.product.prodname_github_app %} is **private**, you can only install it on the account that owns the app. {% ifversion restrictive-app-authz %}If it's owned by an organization, only members of the organization can sign in to it. If it's owned by your user account, only you can sign in to it.{% endif %}
53-
* If your {% data variables.product.prodname_github_app %} is **public**, other users and organizations can also install it. Anyone can sign in to it.{% ifversion enterprise-apps-public-beta %}
54-
* If your {% data variables.product.prodname_github_app %} is owned by an **enterprise**, you can install it on any organization within that enterprise.{% ifversion restrictive-app-authz %} Only members of the enterprise can sign in to it.{% endif %}{% endif %}
52+
* If your {% data variables.product.prodname_github_app %} is **private**, you can only install it on the account that owns the app.
53+
* If your {% data variables.product.prodname_github_app %} is **public**, other accounts can also install it.{% ifversion enterprise-apps-public-beta %}
54+
* If your {% data variables.product.prodname_github_app %} is owned by an **enterprise**, you can install it on {% ifversion enterprise-installed-apps %}the enterprise itself or {% endif %}any organization within that enterprise.{% endif %}{% ifversion restrictive-app-authz %} Only members of the enterprise can sign in to it.{% endif %}
5555

5656
For more information, see [AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app) and [AUTOTITLE](/apps/sharing-github-apps/sharing-your-github-app).
5757

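Review bot: On new lines 53-54 the {% endif %} that closes {% ifversion enterprise-apps-public-beta %} now sits before the {% ifversion restrictive-app-authz %} sentence, so where enterprise-apps-public-beta is off and restrictive-app-authz is on, "Only members of the enterprise can sign in to it." renders at the end of the **public** bullet. Move that sentence back inside the enterprise-apps-public-beta block, where it was before this change. The change also drops the sign-in statements from the private and public bullets ("only members of the organization can sign in to it", "Anyone can sign in to it."). If that removal is intentional, say where readers now find who can sign in to each kind of app, since the sentence that follows the list points only to installing and sharing articles.
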
@@ -80,6 +80,10 @@ Some examples of automations you could create with a {% data variables.product.p
8080

8181
If you want your app to respond to events on {% data variables.product.prodname_dotcom %}, your app should subscribe to webhooks. For example, you may want your app to leave a comment when a pull request is opened. For more information, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/using-webhooks-with-github-apps).
8282

83+
{% ifversion enterprise-installed-apps %}
84+
Apps installed on enterprises do not currently support webhooks, and must be installed on an organization to receive them.
85+
{% endif %}
86+
8387
### {% data variables.product.prodname_github_apps %} that can take certain actions
8488

8589
When you set up your {% data variables.product.prodname_github_app %}, you can select specific permissions for the app. These permissions determine what the app can do via the {% data variables.product.prodname_dotcom %} API, what they can do on behalf of a signed in user, and what webhooks the app can receive. For more information, see [AUTOTITLE](/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app).
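
Review bot: The sentence added on line 84 says enterprise-installed apps "must be installed on an organization to receive them" but does not say whether that installation is in addition to or instead of the enterprise installation. If both are expected, say so directly, for example "To receive webhooks, the app must also be installed on an organization."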

content/apps/creating-github-apps/about-creating-github-apps/deciding-when-to-build-a-github-app.md

Lines changed: 3 additions & 3 deletions
@@ -53,7 +53,7 @@ The rate limit for {% data variables.product.prodname_github_apps %} using an in
5353
In general, {% data variables.product.prodname_github_apps %} and {% data variables.product.prodname_oauth_apps %} can make the same API requests. However, there are some differences:
5454

5555
* The REST API to manage check runs and check suites is only available to {% data variables.product.prodname_github_apps %}.
56-
* Enterprise-level resources such as the enterprise object itself are not available to {% data variables.product.prodname_github_apps %}. This means that {% data variables.product.prodname_github_apps %} cannot call endpoints like `GET /enterprise/settings/license`. However, enterprise-owned organization and repository resources are available.
56+
* {% ifversion enterprise-installed-apps %}Not every enterprise-level API supports {% data variables.product.prodname_github_apps %} at this time. New permissions are being added to support more APIs. Check [AUTOTITLE](/enterprise-cloud@latest/rest/authentication/permissions-required-for-github-apps) to review the list of supported enterprise permissions and APIs.{% else %}Enterprise-level resources such as the enterprise object itself are not available to {% data variables.product.prodname_github_apps %}. This means that {% data variables.product.prodname_github_apps %} cannot call endpoints like `GET /enterprise/settings/license`. However, enterprise-owned organization and repository resources are available.{% endif %}
5757
* Some requests may return incomplete data depending on the permissions and repository access that was granted to an {% data variables.product.prodname_github_app %}. For example, if your app makes a request to get all repositories that a user can access, the response will only include the repositories that the app was also granted access to.
5858

5959
For more information about the REST API endpoints that are available to {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/rest/overview/endpoints-available-for-github-apps).
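
Review bot: The link added on line 56 hardcodes a version, /enterprise-cloud@latest/rest/authentication/permissions-required-for-github-apps, while the other link in this hunk, /rest/overview/endpoints-available-for-github-apps, is version-relative. Confirm the pin is intended for every version where enterprise-installed-apps is enabled; otherwise readers are sent to another product version's permission list. "At this time" and "are being added" will also go stale, so consider wording that only points to the list of supported enterprise permissions.
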
@@ -62,7 +62,7 @@ For more information about the REST API endpoints that are available to {% data
6262

6363
If you want to access {% data variables.product.prodname_dotcom %} resources on behalf of a user or in an organization, or you anticipate a long-lived integration, we recommend building a {% data variables.product.prodname_github_app %}.
6464

65-
You can use {% data variables.product.pat_generic_plural %} for API testing or short-lived scripts. Since a {% data variables.product.pat_generic %} is associated with a user, your automation could break if the user no longer has access to the resources you need. A {% data variables.product.prodname_github_app %} installed in an organization is not dependent on a user. Additionally, unlike a user, a {% data variables.product.prodname_github_app %} does not consume a {% data variables.product.company_short %} {% ifversion enterprise-licensing-language %}license{% else %}seat{% endif %}.
65+
You can use {% data variables.product.pat_generic_plural %} for API testing or short-lived scripts. Since a {% data variables.product.pat_generic %} is associated with a user, your automation could break if the user no longer has access to the resources you need. A {% data variables.product.prodname_github_app %} installed on an {% ifversion enterprise-installed-apps %}enterprise or {% endif %}organization is not dependent on a user. Additionally, unlike a user, a {% data variables.product.prodname_github_app %} does not consume a {% data variables.product.company_short %} {% ifversion enterprise-licensing-language %}license{% else %}seat{% endif %}.
6666

6767
{% data variables.product.company_short %} supports two types of {% data variables.product.pat_generic_plural %}, but recommends that you use {% data variables.product.pat_v2 %}s instead of {% data variables.product.pat_v1_plural %} whenever possible. For more information about {% data variables.product.pat_generic_plural %}, see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#types-of-personal-access-tokens).
6868

@@ -72,7 +72,7 @@ For more information about the REST API endpoints that are available to {% data
7272

7373
_{% data variables.product.prodname_actions %}_ provide automation that can perform jobs like continuous integration, deployment tasks, and project management in a repository. They run directly on {% data variables.product.prodname_dotcom %}-hosted runner machines or self-hosted runners that your administrator sets up. {% data variables.product.prodname_actions %} do not run persistently. {% data variables.product.prodname_actions %} workflows run in response to events that occur in their repository, and only have access to the resources of the repository that they are set up for. However, custom actions can be shared across repositories and organizations, allowing developers to reuse and modify existing actions to meet their needs. {% data variables.product.prodname_actions %} also come with built-in secret management, which you can use to securely interact with third-party services and manage deploy keys safely.
7474

75-
_{% data variables.product.prodname_github_apps %}_ run persistently on a server or compute infrastructure that you provide or run on a user device. They can react to {% data variables.product.company_short %} webhook events as well as events from outside the {% data variables.product.prodname_dotcom %} ecosystem. They are a good option for operations that span multiple repositories or organizations, or for providing hosted services to other organizations. A {% data variables.product.prodname_github_app %} is the best choice when building a tool with functions that occur primarily outside of {% data variables.product.prodname_dotcom %} or require more execution time or permissions than what a {% data variables.product.prodname_actions %} workflow is allotted.
75+
_{% data variables.product.prodname_github_apps %}_ run persistently on a server or compute infrastructure that you provide or run on a user device. They can react to {% data variables.product.company_short %} webhook events as well as events from outside the {% data variables.product.prodname_dotcom %} ecosystem. They are a good option for operations that span multiple repositories or organizations, or for providing hosted services to other organizations and enterprises. A {% data variables.product.prodname_github_app %} is the best choice when building a tool with functions that occur primarily outside of {% data variables.product.prodname_dotcom %} or require more execution time or permissions than what a {% data variables.product.prodname_actions %} workflow is allotted.
7676

7777
For more information about comparing {% data variables.product.prodname_actions %} to {% data variables.product.prodname_github_apps %}, see [AUTOTITLE](/actions/creating-actions/about-custom-actions#comparing-github-actions-to-github-apps).
7878

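Review bot: Line 75 adds "and enterprises" unconditionally, whereas every other enterprise-installation mention in this commit is wrapped in {% ifversion enterprise-installed-apps %}. Gate this phrase the same way so versions without the feature do not suggest that apps can be provided to enterprises directly.
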