Public Access Controls

By default, a public Space has no authentication method, but you can set up any of the following:

  • Space-wide password;
  • Guest Accounts, where you manually create email + password combos and distribute them to your users;
  • Magic Links, where you enter specific emails or entire domains, and users will authenticate using a link that we send to their email address;
  • Private Links, where you generate private links and share them with your users and teams, so you can manage access control per user group via links;
  • JWT, where your dev team generates a JWT with a secret key you provide in our UI, then passes it back to us as part of a link. This is the easiest to manage, but it requires developer time;
  • SAML, when you have an external application that can act as a router to your space domain, so the public portal can be accessed only by members set up in providers like Google, Azure, or Okta.


None


The default behaviour is None, meaning the Space is available publicly. You can change it to one of the controls below to limit access for readers.

Everyone with the link will be able to read content.

Links are safe to share because they are cryptographically generated and unguessable.

When you want to gate the contents to specific readers, try any of the options below.



Guest Accounts


Create guest accounts. Everyone with the link and a guest account will be able to read the content. Guest accounts are not charged as seats in Archbee.



Magic Link


Users will be able to authenticate to your space with their email address if you add their email address or their email domain to the list below. Everyone with the link and a matched account will be able to read the content. Accounts are not charged as seats in Archbee.



Private links


Generate private links for specific user groups/teams. Each user group/team will have its own link to the same documentation, and you can manage access control via these links. Need to cut access for team 1? Delete the private link associated with team 1.



How JWT works

JWT - secret visitor authentication

Public access control  - JWT Secret


Go to the Spaces settings and set a JWT secret key that you generate on your server.

JSON Web Key visitor authentication


Go to the Spaces settings and set a JSON Web Key Set URL. A JSON Web Key Set (JWKS) URL is an endpoint where a server publishes its public keys in JSON format.

The JWKS URL typically points to a JSON document that contains an array of cryptographic keys used for verifying signatures.

When Archbee receives a JWT, it can retrieve the corresponding public key from the JWKS URL and use it to verify the JWT's signature, ensuring that the token hasn't been tampered with and was indeed issued by a trusted party.

A JWKS URL provides a standardized way for clients to obtain the public keys needed to verify JWT signatures in a secure and scalable manner.

This is a sample jwks.json file:

JSON


Generate the JWT token

Use one of the examples below to generate the JWT token.

You also need to replace the URL with the subdomain of your documentation site.

Node.js


Here is an example of generating a JWT token with .NET: https://github.com/dragosbulugean/archbee-jwt-dotnet

JS


JWT token checks are bypassed on Preview/Staging.



SAML - Security Assertion Markup Language


SAML can be configured for public space access in the same way as for team integration; see SAML Integration for more detailed steps on setting up each provider.

Note that just the metadata URL is needed as input. Also, we assume the space is already hosted on a custom domain.

In this way, the published space link will be routed through the new SAML application; thus, only members set up in the provider application can access the public portal.
