Summary

Currently, users can share content with unlicensed users via Anonymous Access only at the site level (Global Permissions). Space permissions for anonymous users are then granted or revoked at the space level, but there's no way to manage anonymous access individually.

Once enabled, there is no control over who accesses the content; anyone on the internet can access it.

This does not distinguish between anonymous users within the company and anyone on the internet.

A role granting similar access as the anonymous user view, managed in the Users Management section, to unlicensed users added to the site by invitation, would benefit various use cases.

Proposed Solution

Create a new role, "viewer user" (or "anonymous user"), with access similar to anonymous users but managed in Users Management, instead of enabled at the Global Permissions settings for the entire internet, and assigned to users who got invited to the site but won’t have a license to the app, balancing business and security needs. Or allow this access to be granted to a directory group.

Admins may benefit from a specific role for unlicensed users who only need to read content, avoiding seat allocation or using workarounds while maintaining control over publicly shared content.

Possible workaround (+limitation)

Currently, one way to control content shared with anonymous access is using the IP Allowlist, available on Premium and Enterprise, which allows access from specific IPs like the company VPN. However, if the company does not use a VPN or uses multiple devices (such as mobile devices) per user, this workaround can be difficult to manage.

Therefore, a new role for unlicensed company users would help manage access directly from the user access page.