Access Control
Access control decides whether your help center is open to everyone or only available after sign-in.
Choose Open if anyone should be able to browse. Choose Locked if visitors must sign in first. Collections and articles follow that default unless you restrict them further.
Private help centers, user groups, and audience controls require a Scale or Enterprise plan.
Authentication Methods
When your help center is locked, configure at least one sign-in method. You can enable multiple methods, and users will see every enabled option on the sign-in page.
Magic Links: Users enter their email and receive a one-time sign-in link. Set up Magic Links.
Single Sign-On (OIDC): Connect an identity provider like Okta, Auth0, or Google Workspace so users sign in through your existing system. Set up OIDC SSO.
JWT Identify: Your backend signs a JWT that authenticates users silently without a separate sign-in flow. Set up JWT authentication.
Shared Password: One password for all users. Shared password users have no individual identity, so user-group restrictions do not apply. Set up Shared Password.
Audience Hierarchy
Access flows from help center to collection to article, narrowing at each level:
Help center: Open or Locked sets the baseline.
Collection: Follows the help center's mode by default. You can restrict to signed-in users or specific groups.
Article: Can only narrow the collection's audience, never widen it.
Use collections to set broad access rules, then restrict individual articles as needed. For managing which users belong to which groups, see User groups.
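The narrowing rule above can be modeled as a small resolver, shown here as an added example that is not the product's own code or API. The names `Audience` and `effective_audience` and the group names are hypothetical, and the example assumes a setting that would widen access is rejected, which the page does not specify.

```python
from dataclasses import dataclass

# Audience levels, ordered from widest (0) to narrowest (2).
EVERYONE, SIGNED_IN, GROUPS = 0, 1, 2

@dataclass(frozen=True)
class Audience:
    level: int
    groups: frozenset = frozenset()  # only meaningful when level == GROUPS

    def is_within(self, parent):
        """True if this audience is the same as, or narrower than, parent."""
        if self.level < parent.level:
            return False
        if parent.level == GROUPS:
            return self.groups <= parent.groups
        return True

    def allows(self, signed_in, user_groups=frozenset()):
        """Decide whether a visitor may read content with this audience."""
        if self.level == EVERYONE:
            return True
        if not signed_in:
            return False
        return self.level == SIGNED_IN or bool(self.groups & user_groups)

def effective_audience(locked, collection=None, article=None):
    """Resolve help center -> collection -> article; None means 'follow parent'."""
    effective = Audience(SIGNED_IN if locked else EVERYONE)
    for name, override in (("collection", collection), ("article", article)):
        if override is None:
            continue
        # Assumption: a widening setting is rejected rather than silently clamped.
        if not override.is_within(effective):
            raise ValueError(f"{name} audience would widen access")
        effective = override
    return effective

# Constructed sample: a collection limited to two groups, an article to one.
partners = Audience(GROUPS, frozenset({"partners", "staff"}))
staff_only = Audience(GROUPS, frozenset({"staff"}))
```

Running a check like this over exported settings is one way to confirm that no article is configured with a wider audience than its collection.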