Password-protect a status page
Require visitors to enter a password before the page renders.
Status pages run in public access mode by default. The password
mode requires a shared password before the page renders. Use it for
internal-only or partner-only views that do not need per-customer
scoping.
Steps
Switch the page to password mode
Open the page in the console, then Access. Set:
- Mode:
password. - Password: a shared secret you will distribute to authorised visitors.
Save. The page now redirects unauthenticated visitors to an unlock form.
- Mode:
Distribute the password
Share the password through the channel that already gates access to the audience (e.g. a partner portal, an internal wiki, a signed email).
Rotate the password
Open the page's access settings and update the password. Existing unlock cookies invalidate at rotation, and visitors must re-enter the new password.
Behaviour
- The unlock cookie is named
observer-page-access-<page-id>. - The cookie is signed against the current password hash. Rotating the password invalidates outstanding cookies.
- Cookie lifetime is one hour. After expiry, visitors re-enter the password.
Was this page helpful?