Feedback Request Confluence Public Links

Hey @Nidhi Raj

All of the above for sure and maybe being able to configure who (users) can create public links.

Thanks!

Crucial feature. All items should be :D 

Admins should have a view of all pages that have been shared with Public Links. Not just to know which spaces/pages can be shared, but a dashboard that shows every page that has been shared publicly. 

Only the page content should be shared. No side bar. No menu bar. No detail of who has contributed or edited a page. Just the page content. 

Thank you for your input! We're actively noting your feedback, so keep them coming! 

I think those features will be really useful as you sometimes want to share content without making the page public. 

A list of all shared pages within the site would be a really (if not the most) useful feature for this + all the things that are mentioned in the original post.

As for the visibility of the items, I guess things like the sidebar or menu don't need to be visible. However, in some cases, it would be nice to know the page creator/editor - this could, potentially, be something that could be configured while creating a public link. (it's more like a nice-to-have than a need-to-have option)

💡 One more thing regarding integration - it would probably be cool if this feature would be integrated with Beacon so alerts are made if big number of public links are created within a small amount of time (or by the same person).

Space admin can set expiry date for public links;

Space admin can set expiry for the link after specific number of page load;

your original list, plus the request from Andy Gladstone and Hadi Hormozi. Plus ability to see what page is shared with whom and be able to block users. Or in an other sort order, see what users can see what content (links). This should be colapsed by mail domains of the users. 

To be able to share content externally must be a separate authorization for a person.

I even would like to see a feature where the Site Admin can set the rule how many month until re-validation (up to 12). By then, once a month, the person granting the access will get a list of users he shared content with and can checkmark. Either he prolongates the access, have the external confirm his continous need or reject it. Such an access should never stay longer than 12 month without revalidation.

All of the original bullet points + the suggestions by Andy Gladstone and Hadi Hormozi.

Option to share child pages of the page would be good also (we are using the External Share plugin currently which has this option).

Thanks!

There should be an option to set the visibility for certain duration (may be a date/time format) after which links will remain visible but not accessible and can be accessed after taking prior permission from the owner or admin.

Approval: I don't mind if anyone generates it but I'd love to have a fixed set of employees who can review the content and approve/deny accordingly. 

Notification: If approvals is not likely, at least a notification so it can go be reviewed (maybe a daily report of all links). 

As Hadi Hormozi mentioned, expiration dates set by admins. 

Site admins need to be able to remove the public links, and also have the option to be notified when someone creates a public link. 

Hi Confluence Cloud Admins!

Thank you for your continued engagement, your input has certainly helped us make several decisions already. One other that I would love to hear from you on:

Commonly, products allow users to share with little to no friction. In Confluence, we prioritize trust. We plan to introduce the warning dialog below when an end user attempts to turn on Public Link for a page and allow them to dismiss it if they wish to.

Would love to hear your thoughts regarding the warning dialog for end users - is it needed? Any thoughts on the dismissibility?

Hi @Nidhi Raj

As much as we want to trust our users, I think this feature would automatically be rejected or disabled by your enterprise-level customers.

Just my 2 cents ;)

Cheers!

I like the dialogue, but users are not the guardians of security. They will do what they need to do to share something. Users cannot be trusted. They will click "Dont show me this again" and share things. But its a good feature as long as sysadmins have are notified and have a list of shared pages they can revoke.

Regarding the warning dialog, I agree with what @Steven Rhodes said - it's a good 'nice-to-have' feature and I believe users should be prompted to confirm that they want to share the page externally/turn on public links, but the important part is that admins have full control over this feature and clear visibility of what is shared together with an option to turn on some kind of notification whenever the public link is created.

I agree with Steven. I'd like to see that only admins or selected users could be the only ones who can share links. Definitely need the confirmation box. Also I'd like as an admin to know who has shared what with who in a report and an ability to revoke the shared link. Having a feature where there is an expiry date is a must.

I agree on @Steven Rhodes and @Wayne_Reilly's comment above, here are few feedback from security standpoint while considering this new feature.

• Alligning this to the internal data classification policy - Confidential, internal and public, the public link can apply to share the data that can be classified as public.
• The view only version disabled with all other navigation controls (hidden or not shown).
• Product admins ability to be notified when a public link is created and ability to revoke whenever required
• Space admins ability to add or block a specific page from being public, with product admins ability to see what has gone public.
• Time-Based access: Product admin/space admins ability to turn the public link only for a specific period/days that will prevent access to the page beyond certain period.
• Some other nice to have security controls if its feasible such as Password protection, 2FA, Role based access (authorised users only to access the page), IP Address restriction.
  
  Recommendation to the Confluence Permission team to ensure that the feature is designed with security in mind and with the collaboration of security professionals to assess potential risks and identify further security controls required to mitigate these risks.

From one of our team: 

A functional requirement for me would the ability to download attachments (templates) contained in the page. E.g. People engaged in change enablement able to download the RFC template that is embed/attached to a confluence page.

Such great feedback, thank you all so much! While we may not be able to get everything in our first iteration, you can know that our intention is to incrementally rollout value to you. Please keep the input flowing, we really value your time and suggestions! 

Great to see the progress on this feature.

I second with @Bikash Pokhrel security features are Key when content is shared to public. Admins should have full control while sharing the pages in addition to the notification when someone views, downloads..etc. 

Yes, this would be extremely helpful for us to create self-help guides for customers that can also be part of internal training spaces so we keep our single source of truth going!

• all the things that are mentioned in the original post
• better formatting (some panels are shown on the public page, some aren't)
• set an expiry date
• get a list of all public links for admins

Hi All!

I posted an exciting update here about Confluence Public Links!