SSO more granular?

ssc

I want to have a more granular SSO config allowing not logged in user to view shared documents but not allow them to create new documents. I have not found anything about it on the net so I am asking: Is that possible?

Mathilde

Hello,

Thanks for reaching out and for your interest in CryptPad!

I don't believe that can be handled at the SSO's level. It's more something you'll need to setup instance-wide. Hence, you could use the following variable in customize/application_config.js as explained in our administrator guide.

nanoc

One major drawback with this approach seems to me, that disabling anonymous pad creation (and drive) is only enforced client side (security risk), while the guest access restriction is enforced server side. Nevertheless, with guest access restriction on, you cannot share access links with unregistered users.
So seems currently you have two possibilities: All users need to be registered, even those outside SSO need an account, or enable guest access with the risk somebody manipulating the client and storing documents as they like.