Set up Confluence Cloud
Get the high-level details you need to set up your Confluence Cloud site in order to meet your team's needs.
How secure are public links?
Public links allow teams to share individual Confluence pages with people outside of Confluence without giving them access to Confluence. This could be useful for sharing information to the public, like customer FAQs, release notes, shareholder letters, and more.
On this page, you’ll learn how public links work and, in particular, how secure they are.
If you’re an admin looking for guidance on how to get started with public links, go to Set up and manage public links.
If you’re looking for help on how to actually share individual pages, go to Share content externally with public links.
Public links are only available on Confluence’s paid plans.
Who can access a public link
Anyone on the internet with the public link can view the content in the page.
Public links override all restrictions
Public links ignore restrictions on who can view content in Confluence.
Normally, Confluence content obeys view restrictions inherited all of its higher-level containers — any parent page, the space, and the site itself. However, the public link will just work. Anyone on the internet who has the page’s public link can use it to view the safe, view-only version of the page (what we’ll call the public page).
Again, this means that adding a view restriction to a parent page won’t have any effect on who can view a child page that’s public.
Can someone Google a public page?
Public pages are not indexed by search engines, which means no one will be able to find the public page in a Google search. They need the actual public link. Atlassian has taken all necessary steps within its capability to make sure search engines do not index our public links.
Who can turn on a public link for a page?
Public links are controlled at 3 levels:
In Global permissions, product admins can control whether the site should allow the use of public links. Allowing public links on the site doesn’t itself make anything public. It simply offers users on the site the option of turning on any page’s public link.
In Space permissions, product and space admins can control whether a specific space should allow the use of public links. Public links must be allowed on the site first. Like the global setting, allowing public links in a space doesn’t itself make anything public. It simply offers users in the space the option of turning on public links.
On specific pages, users can turn on or off a page’s public link. To turn on a specific page’s public link, it needs to be allowed at both the site and space level. Also, the user needs to be able to edit the page and to have permission at the space level to edit restrictions in the space. A user who can view a page but not edit cannot turn on a page’s public link, but they can copy a public link that’s already on and share it with anyone on the internet.
Pages will only ever have one public link
If you turn a page’s public link off, anyone using it to try to access the page will run into a 404 page. But if you later turn the public link back on, people who already have the public link will again be able to access the page, because it’s the same link.
What is hidden from visitors to public pages?
Visitors to a public page will see a safe, view-only version of the page that was shared which hides any content outside of the shared page and locks most Confluence functionality.
Visitors to a public page can’t:
Edit the page
Comment inline or on the page
View inline or page comments
View the Confluence navigation
View the page tree and page breadcrumbs
View most macros, including those that contain data outside of the shared page, and all third party macros
Macros that won’t be hidden on public pages
Public page visitors can only view the following macros:
All other macros are not viewable in the view-only version of the page.
What are the product defaults for the public links feature?
Confluence allows public links by default but no public links will actually be on by default. People will have to manually turn them on, where allowed.
Type of control | Allowed/On by default? |
|---|---|
Site-level control in global permissions | Allowed |
Space-level control | Allowed |
Page-level control | Off |
Defaults may differ depending on date of site creation
If your site was created before October 16, 2023, rest assured that the global public links toggle will be off. You’ll have to turn the toggle on to allow public links.
If your site was created on or after October 16, 2023 — including sites migrating to Confluence Cloud — the global public links toggle will be on. Because all spaces will allow public links by default, this also means all spaces on your site will be allowing public links from the time you created the site. You’ll have to turn the global toggle off to stop allowing public links on your site.
Any time a product admin allows public links on their site by turning the global toggle from an off to an on position, all spaces will automatically and immediately move to an “allowed” status, regardless of any prior setting. No status will be remembered from before.
To be clear, this means users in any space that shouldn’t ultimately allow public links will be able to turn a page’s public link on until an admin manually stops allowing public links in that space.
A dashboard in global permissions for auditing which spaces are allowing public links is coming soon, as well as a way for product admins to block space admins from allowing public links in their space (available on Premium plans only).
What protections are in place to avoid accidental sharing?
We know it’s critical to have complete control and awareness over any public sharing functionality. Confluence equips both admins and end users with plenty of protection navigating this feature.
Control public links on a space-by-space basis
Some spaces shouldn’t allow public links. Admins can simply toggle off the ability for users in a specific space to use public links.
Confirmation messages prevent mistakes
Whenever an admin wants to allow public links on the site or in a space, they’ll be informed exactly what the effect of their action is — that it will allow users to turn on public links.
Likewise, whenever an end user tries to turn on a public link, they’ll be informed exactly what the effect of their action is:
It will make the page’s public link active and available to be copied and shared by anyone who can view the page.
Anyone on the internet who already has the page’s public link will be able to view the public version of the page, even if no one re-shares the public link with them.
UI indicators show when pages are public
Confluence employs a number of indicators in the UI to mark content that’s currently being shared publicly. This helps you and your team understand which content is public at key points in your workflow, such as when editing a public page, and prevent sharing the wrong information with the wrong people.
Public links are recorded in the audit log
All public links actions (with the exception of copying and sharing public links) are captured in the audit log. Whenever someone turns a public link on, a space admin allows public links in their space, or product admin allows public links for the site, it will be recorded.
Visitors to a public page can request access to your site
If your site allows people with certain email domains to join or request access to your site, they will be able to do so from any public link. Learn more about how to control how users get access to Confluence.
Was this helpful?