Actions allow GPTs to call third-party APIs to accomplish tasks, such as retrieving data from a third party, modifying data in an external source, or triggering an action in an external system.
ChatGPT Enterprise customers can limit the domains that can be used by GPT builders in their workspaces in the Workspace settings. By creating an allow list of only select domains, Enterprise workspaces can enforce tighter control on the external systems that their users are able to access with GPT actions:
You can set your allowlist policy to only allow specific domains to integrate with your workspace.
You can set your policy to allow all domains if those controls are already present in another system in your organization.
Only a ChatGPT Enterprise workspace Owner can update the domains allowed for a workspace. If you are not an Owner, please contact the Owner of your workspace separately to add more domains.
If you’re a workspace owner, you can access your GPT Actions setting by doing the following:
Click on your profile icon in the ChatGPT homepage.
Select Manage Workspace in the pop-up menu.
On the Admin page, select GPTs in the menu on the left side of the page.
Scroll down the page and find the Actions header.
Enabling “Allow all domains for GPT Actions” will allow all GPT actions in a workspace and override the list of allowed domains. Leave this unchecked if you plan to only allowlist a specific set of domains.
To allowlist a domain, select Add new domain under Domains. In the modal, … [still need confirmation of modal behavior and UI]
Does allowing a domain also allow its subdomains?
Yes, for any domain allowlisted, its subdomains will also be allowlisted. This means that you do not need to use wildcards to enable subdomains. For example, allowlisting openai.com will also allowlist api.openai.com.
Please note that allowlisting a subdomain will not allowlist its domain.
Can ChatGPT Enterprise workspaces disable/block GPT actions in their workspace?
Yes. To block all GPT custom action in a ChatGPT Enterprise workspace, ensure the following is set:
“Allow all domains for GPT Actions” is not checked.
There are no domains listed under Domains.
When this is the case, you will see “No domains added. No GPT Actions will be allowed.” This confirms that GPT actions are disabled for the workspace.
What error will users see if they attempt to use a GPT that contains a disallowed domain?
If a member of a workspace attempts to use a GPT that contains a disallowed domain, they will see a "GPT inaccessible or not found" error message.
Only workspace Owners can use GPTs with non-compliant actions or disallowed domains. This allows a workspace Owner to test the GPT before allowlisting the required domain.
What error will users see if they attempt to create a GPT that contains a disallowed domain?
If a workspace user attempts to create a GPT with a GPT action that uses a disallowed domain, we will automatically remove the violating GPT action. The GPTs cannot be saved until the violating GPT action is removed.