Devolutions ForumDevolutions Forum

Guest User Access and Secure Item Sharing

Guest User Access and Secure Item Sharing

2 votes

avatar
ericjulien

📌 Request
Implement a “guest user” feature to facilitate occasional sharing of sensitive information without needing to add a paid user.
This type of temporary user would allow restricted access to specific content, for a limited use or period, in a secure and controlled way.

🎯 Need
Enable the sharing of a complete item (e.g., a certificate along with its password) with an external user, not just a message or plain text.

⚠️ Current Issue

  • Once a link is generated, anyone with access to that link can view the content — even if a passphrase is required.
  • This raises security concerns:
    • There’s no guarantee that only the intended recipient will access the content.
    • It's difficult to securely transmit both the link and the passphrase.


Desired Improvement
A more secure and targeted approach, where only the intended recipient can access the shared content.
For example, by requiring authentication via email address or another verifiable method, to ensure access is properly restricted.
Let me know if you'd like a shorter version for a pitch or a support ticket.

All Comments (5)

avatar
Maxime Morin

Hello,

That's currently possible when the user has a Devolutions Account. With a Devolutions Account, when using Devolutions Send sent by email, the passphrase is not required and you can be sure that only the receiver can see the content.

Let me know if this helps, have a good day!

Maxime Morin

avatar
ericjulien

Hello,

But our use case specifically involves external users who do not have a Devolutions Account, and for whom we would prefer not to require account creation — especially for one-time or occasional access.

That’s why we were exploring the idea of “guest” users or temporary access, allowing us to securely share sensitive content without onboarding full accounts. The current method is a step in the right direction, but we’re looking for an even more streamlined and secure way to share data with external parties.
Let me know if this is something that could be considered in your roadmap.

Thanks again and have a great day!

avatar
Maxime Morin

Hello,

Thank you for the precision. If we were to implement an OTP by email before revealing the secret would that fit your requirements? This would allow us to validate the user opening the email link is indeed the owner of the said email.

Have a good day!

Maxime Morin

avatar
ericjulien

Hello,
It sounds like a good start, but I believe you are still referring to your "Send" feature, which mainly allows sending a message — unless I'm mistaken?

The idea we are aiming for is also to allow the external user to access files, not just a text message.
Unless it would be possible to encapsulate an item (any type of item, including multiple fields and attached files) into a single message?

One case that is absolutely essential for us is the ability to transfer a certificate along with its password (or other sensitive information) to a user who does not have a Devolutions Account.

Thank you again for considering our needs!

avatar
Maxime Morin

Hello,

Yes, I was referring via Devolutions Send. The platform itself already support sending files.
https://send.devolutions.com/

To fully support your case, we would need to integrate that into Hub and add the support of email OTP to "authenticate" the user.

Have a good day!

Maxime Morin