Ferndesk
2026

June 3rd, 2026

Not everyone should see the same docs.

Enterprise customers deserve configuration guides that free users don't. Partners need integration docs behind NDAs. Your support team sees different docs than HR or engineering.

Today we're shipping User Groups and Shared Passwords, so you can control who sees what.

  • User Groups: Restrict collections and articles to specific groups. Enterprise customers see advanced setup guides. Partners see integration docs. Internal teams see troubleshooting playbooks. You decide.

  • Shared Password: One password grants access to your locked help center. Simple for customer portals, partner KBs, and teams without an identity provider.

Set up user groups

User Groups

When we launched private help centers, the choice was binary: open to everyone, or locked for signed-in users. That works for simple customer-only knowledge bases, but it falls apart when you need nuance.

Enterprise customers need advanced configuration guides that self-serve users don't. Partners need integration docs locked behind NDAs. Different internal teams need different docs—Support,HR, and Engineering don't need access tothe same content.

User Groups solve this.

Create groups like "Enterprise," "Partners," or "Support." Then restrict collections or individual articles to those groups. Access flows downward: lock the help center first, then narrow at the collection level, then narrow again at the article level. You can't widen permissions at a lower level.

This is especially useful for:

  • Tiered customer content — Enterprise and Pro customers see advanced guides, onboarding playbooks, and configuration docs that free or self-serve users don't.

  • Partner portals — Integration guides, API references, and co-branding assets available only to partners with NDAs.

  • Internal knowledge bases — Different teams see different docs. Support gets troubleshooting playbooks. HR gets policies. Engineering gets runbooks.

Learn how user groups work

User groups require a Scale or Enterprise plan.

Shared Password

Not every team needs SSO. Sometimes you just want a simple way to gate access without configuring Okta or Auth0.

Shared Password is the simplest way to lock down a help center. Set one password. Share it with customers, partners, or your team. Anyone with the password can sign in and browse.

It's ideal for:

  • Customer-only knowledge bases — Give the password to paying customers via email or onboarding.

  • Partner portals — A single credential for all your integration partners.

  • Internal docs — Share one password with your team. No identity provider required.

You can mix and match auth methods, too. Enable Shared Password for simple access, and keep OIDC or Magic Links for users who prefer them.

Shared Password users have no individual identity, so user group restrictions don't apply. For group-based access, use OIDC or Magic Links instead.

Other improvements

  • Added a confirmation dialog when disabling shared passwords, with a reminder that existing sessions stay valid until they expire.

  • Improved the Access Control settings page with clearer navigation between Access, Groups, and Users tabs.

  • Fixed an issue where locked help centers would sometimes redirect improperly after sign-in.

Was this helpful?