Our enterprise has over 40 orgs in it. The aim of this particular app is to generate some reports on all of our repos. If I make the app public then anyone (not belonging to our orgs) could potentially install the app and that would skew the data we’re trying to gather. If I make the app private then wouldn’t I have to create 40+ apps so that each org could then install it? I’m hoping there’s some middle ground or better approach.
It’s on my wish list and I’ve shared that feedback with the ecosystem team.
Today, we have a 2-step process for apps at Microsoft related to repo inventory: anyone can install the app, but it’s not until it’s “adopted” by our system, where we mark the installation ID as confirmed Microsoft, that we actually collect any data or integrate it into systems.
It’s not ideal, but it then lets us run an occassional job to cleanup anything that seems out of place.
Thanks! We’ve pretty much come to the same conclusion. So for now that’s the best way of dealing with this scenario.