Deutsch Español Français 日本語

Articles in this section

Sharing policy on Enterprise plan

Sean
  • Updated

Data security and confidentiality are the main concerns for most enterprises. That's why our Enterprise Plan provides enforced tools to control information security risks. These include safer access management with SAML-based SSO option and better user rights and permissions control with enhanced admin capabilities. Additionally, we introduce optional restrictions: sharing outside of allowed domains and sharing via public link. 

Available for: Enterprise plan
Set up by: Company Admins

✏️ Sharing policy settings also influence available access settings when embedding boards within a specific app. Learn more: Managing Enterprise sharing policy for embed integrations.

Restrict sharing outside the allowed domains

✏️ Miro no longer uses the terms "whitelist" or "whitelisted" to refer to a group of domains with specific rights. We now use the terms "allowed domains", "allowlist", and "allowlisted".

Once you restrict sharing outside the allowed domains, Company users will be able to share their boards with users from the specified domains only. With the setting enabled, if a Company user tries to share their board with a domain that is not allowed, they get the following message:

can_t_share_outside_the_allowlist.jpg
The board cannot be shared with a user whose domain is not in the allowlist

✏️ If sharing via public link is allowed in your Company, public boards can still be accessed by anyone with the board link (and password if it is set up).

Here’s how you can configure the settings on Company and Team level.

On Company level

Set up by: Company Admins

Once you set allowed domains on Company level, the option to share boards outside the domains will be restricted for all company members and teams. Go to Company Settings > Security > Sharing policy and toggle on the Restrict allowed domains option. Add the list of trusted domains used within your Enterprise plan. 

To let users invite people to boards as guest collaborators by passing the allowlist, check the corresponding box and click Enable.

allowed_domains.jpg
The list of trusted domains contains three domains

The users, that had been invited to the subscription before the setting was enabled, stay in your plan and retain access to the shared content. However, it will not be possible to share any other content with them. Additionally, you can Verify all users against the allowlist with one click. In case there are users whose domain is not allowed, you can remove them in the following pop-up:

validate_against_the_allowlist.jpg
Users whose email addresses do not match the allowlist

On Team level

Set up by: Company Admins

If the settings are configured on Team level, members of a certain team will not be able to invite users outside the allowed domains to the team or boards in it. The option allows you to enable the settings for a particular team without restricting sharing rules for all Enterprise users. It also provides you with the option to allow a particular domain for a team without the need to allow it for the whole Company.

✏️ If allowlisted domains are not configured on Team level, Company settings are effective. If Team-level allowlist is configured, this overrides Company-level restrictions. For example, if Domain 1 is allowlisted on Company level and Domain 2 is allowlisted on Team level, Domain 1 will not be allowed on Team level unless it is added on Team-level allowlist.

To configure allowed domains for a particular team, go to Team settings > Permissions and scroll down to Allowed domains for team. Enable the toggle and add allowed domains. To allow sharing with guests outside the domains, check the box below.

allowed_domains_on_team_level.jpg
The option to restrict allowed domains for a particular team within an Enterprise subscription

Restrict sharing via public link

Company admins can restrict all Company users or members of a particular team from sharing company boards publicly. Once the setting is turned off, Anyone with the link option disappears from the Share menu of boards in company or team.

hide_public_sharing.jpg
The option to share a board publicly can be hidden on the Share menu

On Company level

Set up by: Company Admins

To restrict public sharing for all Company users, go to Company Settings > Security > Sharing policy and toggle off Sharing via public link. Anyone with the link option will be removed from the board Share menu.

All boards that have been previously shared with a public link or embedded to sites will become unavailable for public users, and their active sessions on the boards will be closed.

If Admins enable the ability to share boards publicly again, users will need to reactivate public sharing manually for each board.

To allow sharing company boards publicly (to Commenters and Viewers without adding them to your teams), the option should be toggled on

If you want to allow sharing company boards publicly for editing, you should also select the checkbox. If you unselect the checkbox, public access to all of the boards previously shared for public editing will be restricted.

public_sharing_permissions.jpgSharing via a public link for viewing, commenting, and editing is enabled

Public link expiration (BETA)

To increase the security of publicly shared boards, enable public link expiration. When enabled, any public links shared with visitors automatically expire when a board hasn’t been opened for a set time. Visitors will no longer be able to access the board using the link. This applies to all boards from the moment public link expiration is enabled in the company security settings.

To enable public link expiration, go to Company Settings > Security > Sharing policy > Expire public access for inactive boards and select the checkbox. You can edit the Inactivity period for a minimum of 30 days up to 999 days.

Enabling_public_link_expiration.jpg
Enabling public link expiration


On Team level

Set up by: Company Admins

✏️ Sharing via a public link is turned on by default on Team level and set to “Anyone can view and comment” for newly created teams. However, if this is off on Company level, teams can’t share boards publicly even if it is allowed on Team level.

To restrict sharing boards publicly for a certain team, open the Team settings > Permissions and go to Sharing settings. Under the setting By public link, you will see three options: you can choose whether to allow sharing publicly for viewing and commenting only, for viewing, commenting, and editing, or to restrict public sharing for the team.

configure_public_sharing_in_team.jpg
The option to configure sharing via public link for a team within an Enterprise subscription

 

Mandatory passwords for public boards 

Set up by: Company Admins

In Company settings > Security > Sharing policy, you can also enforce mandatory passwords for all boards publicly shared by link. For this, check the box Require password for boards shared by public link.
enforce_mandatory_passwords.jpg
The option to enforce mandatory passwords on public boards
Once this feature is toggled on, this will apply immediately to boards previously accessible with a public link and all boards going forward will not be able to be accessed publicly without a password.
  • For boards previously accessible by public link with no passwords: If there are open sessions, all visitors will have their access revoked. If visitors try to access a link they previously had access to, they will be prompted to enter a password (if it has been set up).
  • For all boards: In order for the board to be publicly accessible by link, a password must be set by the board owner or Content Admin - when they try to share via the public link they will get prompted to create a password. If a password is removed, Anyone with the link option on the board Share menu will automatically be converted to No Access. Any team member with edit rights can share aboard via a public link if the password has already been set, otherwise, they are prompted to contact the board owner to assist in setting a password.
    mandatory_password.jpg
    Public sharing option on Enterprise plan with mandatory passwords

Restrict sharing with team and company on Team level

Set up by: Company Admins

✏️ Team and Company-wide sharing is turned on by default if the settings haven't been customized by Company admin.

Enterprise Company admins can not only configure allowed domains and limit public sharing for particular teams within Enterprise subscription but also enable/disable company-wide or team-wide sharing. This is done in Team settings > Permissions > Sharing settings.

configure_sharing_with_a_team_and_company.jpg
Board sharing settings on Enterprise plan

If you allow board sharing with a team, the team members can share their boards and projects with the whole team in one click. When disabled, the option will disappear from the Share menu of the team boards and projects. Previously shared boards and projects won’t be available to team users unless shared with them by other means. If the Admin enables the ability to share with the team again, the previously shared boards and projects won't get shared with the team automatically, so users will need to manually share them with the team again.

team_share_is_hidden.jpg
The option to share a board with the team is hidden on the Share menu

Users on Enterprise plans with disabled Team privacy can also share their boards with the whole Company for viewing, commenting, or editing in one click. You can lock this option for a particular team by selecting Not allowed under the setting With entire company. Or you can allow sharing for viewing and commenting only, or for editing as well.

Please note, if Team privacy is enabled in your Company, the option to share boards with the entire Company won’t be available even if this is allowed on Team level.

company_share_hidden.jpg
The option to share board with entire company is hidden on the Share menu

 

Restrict ability to move boards to other teams

Set up by: Company Admins

✏️ Ability to move boards to other teams is turned on by default if the setting hasn't been customized by Company admin.

When a Company admin restricts the option for a team, users won’t be able to move boards into the team and move boards out of the team. The setting is configured for each team in Team settings > Permissions

✏️ Non-admin users cannot move boards to a team if the option to create boards is restricted for them in the target team.

move_boards_restriction.jpg
The option to restrict moving boards in and out of the team

Restrict company-wide custom template sharing (BETA)

Available for: Enterprise Plan

Who can do it: Company Admin

Company admins can allow or restrict custom template sharing at the company level. When sharing is restricted, Team Members will not be able to share a custom template with the company without Admin approval.

  1. Go to Company settings
  2. Click Security
  3. Scroll down to Custom templates
  4. Toggle on Restrict company template sharing to Company Admins

Company-wide_custom_template_sharing.jpgThe option to restrict company template sharing

Frequently asked questions

  1. Do members receive notifications when Company Admins change the above-mentioned sharing settings on Team or Company level?
    - No, there is no notification in such cases. The rules get applied immediately.

  2. Do we have a dashboard where we can track all the boards being shared with a public link?
    - Currently, there is no such dashboard.

  3. I disabled the option to restrict allowed domains but we still cannot share boards with users outside of allowed domains. How can I fix that?
    - It is possible that the setting is still activated at Company/Team level. Please check if the restriction is turned off in Company or Team settings.
Was this article helpful?
Yes, thanks Not really
Sorry about that! Why wasn't the article helpful?
If you would like to get a reply from the Miro Support team, please create a ticket here
Thank you for your feedback!
Error! Please try later...
Return to top

Related articles