• Products
  • Documentation
  • Resources
Products
Documentation
Resources
Atlassian Support
/
Confluence
/
Resources
/
Confluence administration
/
Manage global permissions in Confluence administration
Cloud

How secure are public links?

Public links allow teams to share individual Confluence pages with people outside of Confluence without giving them access to Confluence. This could be useful for sharing information to the public, like customer FAQs, release notes, shareholder letters, and more.

On this page, you’ll learn how public links work and, in particular, how secure they are.

If you’re an admin looking for guidance on how to get started with public links, go to Control whether spaces can allow public links.

If you’re looking for help on how to actually share individual pages, go to Share content externally with public links.

Public links are only available on Confluence’s paid plans (Standard, Premium, and Enterprise). Only Confluence pages can have public links, not any other type of Confluence content (e.g., whiteboards, blogs, etc.).

Anyone on the internet with the public link can view the content in the page.

Public links ignore restrictions on who can view content in Confluence.

Normally, Confluence content obeys view restrictions inherited all of its higher-level containers — any parent page, the space, and the site itself. However, the public link will just work. Anyone on the internet who has the page’s public link can use it to view the safe, view-only version of the page (what we’ll call the public page).

Again, this means restricting a parent page won’t have any effect on who can view the public link of a child page.

Can someone Google a public page?

Atlassian has taken all necessary steps in its capability to make sure search engines do not index our public links.

This means that public pages are not indexed by search engines, which means no one will be able to find the public page in a Google search. They need the actual public link.

If you turn a page’s public link off, anyone using it to try to access the page will get a message saying the page can’t be found. But if you later turn the public link back on, people who already have the public link will again be able to access the page, because it’s the same link.

Who can turn on a public link for a page?

Public links are controlled at 3 levels:

  1. In Global permissions, product admins can control whether the site should allow the use of public links. Allowing public links on the site doesn’t itself make anything public. It simply offers users on the site the option of turning on any page’s public link.

  2. In Space permissions, product and space admins can control whether a specific space should allow the use of public links. Public links must be allowed on the site first. Like the global setting, allowing public links in a space doesn’t itself make anything public. It simply offers users in the space the option of turning on public links.

  3. On specific pages, users can turn on or off a page’s public link. To turn on a specific page’s public link, it needs to be allowed at both the site and space level. Also, the user needs to be able to edit the page or to have permission at the space level to edit restrictions in the space. A user who can view a page but not edit cannot turn on a page’s public link, but they can copy a public link that’s already on and share it with anyone on the internet.

In the Public links tab of Global permissions, product admins will find a list of all the spaces on their site, see whether a space allows or doesn’t allow public links, and make changes.

Product admins on the Premium plan can block space admins from allowing public links in spaces, block them preemptively while the global public links toggle is off, and multi-select to stop allowing, allow, or block from allowing in bulk.

To learn more about managing public links as a product admin, go to Control whether spaces can allow public links.

In the Public links tab of Space permissions, space admins will find a list of all the active public links in their space. They can turn off or block any active public link. On the Premium plan, they can multi-select to turn off or block in bulk.

Product admins on the Premium plan can block space admins from allowing public links in spaces, block them preemptively while the global public links toggle is off, and do so in bulk.

To learn more about managing public links as a product admin, go to Control whether spaces can allow public links.

Control for organization admins to use security policies to control public links is coming soon!

Alongside robust management functionality, Confluence will notify you of key public links activity to keep you on top of which content is shared publicly.

How product admins stay notified

As a product admin, you’ll be notified whenever someone allows public links for the entire site (changes the global toggle). Product admins can also choose to be notified whenever anyone turns on a public link anywhere on your site.

To stop receiving public links notifications as a product admin:

  1. Select your profile avatar in the top right of the top nav.

  2. Select Settings.

  3. Select Email in the sidenav.

  4. Select Edit.

  5. Uncheck Notify me when someone allows the use of public links on this site, and/or uncheck Notify me when someone turns on a public link.

How space admins stay notified

As a space admin, you’ll be notified whenever someone allows public links in your space (changes the space toggle) and whenever anyone turns on a public link in your space.

To stop receiving public links notifications as a space admin:

  1. Select your profile avatar in the top right of the top nav.

  2. Select Settings.

  3. Select Email in the sidenav.

  4. Select Edit.

  5. Uncheck Notify me when someone allows the use of public links in my spaces, and/or uncheck Notify me when someone turns on a public link in my space.

Confluence allows public links by default but no public links will actually be on by default. People will have to manually turn them on, where allowed.

Type of control

Allowed/On by default?

Site-level control in global permissions

Allowed

Space-level control

Allowed

Page-level control

Off

Defaults may differ depending on date of site creation
If your site was created before October 16, 2023, the global public links toggle will be off until you choose to turn it on.

If your site was created on or after October 16, 2023 — including sites migrating to Confluence Cloud — the global public links toggle will be on. Because all spaces will allow public links by default, this also means all spaces on your site will be allowing public links from the time you created the site. You’ll have to turn the global toggle off to stop allowing public links on your site.

Any time a product admin allows public links on their site by turning the global toggle from an off to an on position, all spaces will automatically and immediately move to an “allowed” status, regardless of any prior setting. No status will be remembered from before.

To be clear, this means users in any space that shouldn’t ultimately allow public links will be able to turn a page’s public link on until an admin manually stops allowing public links in that space.

Upgrading from Free to paid plans will trigger these defaults

Public links aren’t available on the Free plan. Upgrading makes them available and will trigger these defaults. This means that, although no public links will be on immediately, people on your site will be free to use public links in all spaces on your site the moment you upgrade.

What protections are in place to avoid accidental sharing?

We know it’s critical to have complete control and awareness over any public sharing functionality. Confluence equips both admins and end users with plenty of protection navigating this feature.

Some spaces shouldn’t allow public links. Admins can simply toggle off the ability for users in a specific space to use public links.

Product and organization admins can control whether public links should be allowed or not allowed in any new spaces created. By default, public links will be allowed in all new spaces created.

To change whether new spaces created should allow public links:

  1. Select the gear icon in the top right to go to product settings.

  2. Select Space permissions.

  3. In the Public links section, select the toggle that controls whether new spaces should allow public links.

Confirmation messages prevent mistakes

Whenever an admin wants to allow public links on the site or in a space, they’ll be informed exactly what the effect of their action is — that it will allow users to turn on public links.

Likewise, whenever an end user tries to turn on a public link, they’ll be informed exactly what the effect of their action is:

  • It will make the page’s public link active and available to be copied and shared by anyone who can view the page.

  • Anyone on the internet who already has the page’s public link will be able to view the public version of the page, even if no one re-shares the public link with them.

UI indicators show when pages are public

Confluence employs a number of indicators in the UI to mark content that’s currently being shared publicly. This helps you and your team understand which content is public at key points in your workflow, such as when editing a public page, and prevent sharing the wrong information with the wrong people.

The public link toggle on pages will appear grayed out, turned off, and disabled in any situation where the page’s public link isn’t allowed. This could be when:

  • The public link is specifically blocked by an admin.

  • Public links aren’t allowed in the space.

  • Public links aren’t allowed on the site.

All public links actions (with the exception of copying and sharing public links) are captured in the audit log. Whenever someone turns a public link on or off, a space admin allows public links in their space, or product admin allows public links for the site, it will be recorded.

Visitors to a public page can request access to your site

If your site allows people with certain email domains to join or request access to your site, they will be able to do so from any public link. Learn more about how to control how users get access to Confluence.

What is hidden from visitors to public pages?

Visitors to a public page will see a safe, view-only version of the page that was shared which hides any content outside of the shared page and locks most Confluence functionality.

Visitors to a public page can’t:

  • Edit the page

  • Comment inline or on the page

  • View inline or page comments

  • View the Confluence navigation

  • View the page tree and page breadcrumbs

  • View most macros, including those that contain data outside of the shared page, and all third party macros

Macros that won’t be hidden on public pages

Public page visitors can only view the following macros:

All other macros are not viewable in the view-only version of the page.

Additional Help

On this pageWho can access a public linkPublic links override all restrictionsCan someone Google a public page?Pages will only ever have one public linkWho can turn on a public link for a page?View and manage public links at the global levelView and manage public links at the space levelGet notified for key public links sharing activityHow product admins stay notifiedHow space admins stay notifiedWhat are the product defaults for the public links feature?Upgrading from Free to paid plans will trigger these defaultsWhat protections are in place to avoid accidental sharing?Control public links on a space-by-space basisConfirmation messages prevent mistakesUI indicators show when pages are publicPublic links are recorded in the audit logVisitors to a public page can request access to your siteWhat is hidden from visitors to public pages?Macros that won’t be hidden on public pages
CommunityQuestions, discussions, and articles