You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You can now set up multiple passwords in the Dashboard, each mapped to a different role. Combined with [role-based access control (RBAC)](/learn/docs/authentication/features/rbac), this lets you control which pages and sections different groups can access — without needing JWT or OAuth.
8
+
9
+
To get started, go to **Settings** > **Password** in the [Dashboard](https://dashboard.buildwithfern.com/).
10
+
11
+
<Buttonintent="none"outlinedrightIcon="arrow-right"href="/learn/dashboard/configuration/password-protection">Read the docs</Button>
Copy file name to clipboardExpand all lines: fern/products/dashboard/pages/password-protection.mdx
+12-7Lines changed: 12 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ description: Manage password protection for your documentation site from the Fer
5
5
6
6
<Markdownsrc="/snippets/team-plan.mdx"/>
7
7
8
-
Protect your published documentation site with a shared password directly from the [Fern Dashboard](https://dashboard.buildwithfern.com/). When enabled, visitors must enter the password before they can view any content.
8
+
Protect your published documentation site with a shared password directly from the [Fern Dashboard](https://dashboard.buildwithfern.com/). When enabled, visitors must enter the password before they can view any content. You can also set up multiple passwords for use with [RBAC](/learn/docs/authentication/features/rbac).
9
9
10
10
<Note>
11
11
Password-protected sites aren't indexed by search engines.
@@ -26,18 +26,23 @@ Navigate to the [Fern Dashboard](https://dashboard.buildwithfern.com/) and selec
26
26
Open the **Settings** page for your docs site. You'll see a **Password** card at the top of the page.
27
27
</Step>
28
28
29
-
<Steptitle="Set a password">
29
+
<Steptitle="Set password(s)">
30
30
31
-
Enter a password and click **Save**. A confirmation dialog will appear — select **Enable** to activate password protection.
31
+
Enter a single password for your entire set, or select **Add roles** to add multiple passwords that are each mapped to a user role you define. You can add a maximum of three user roles. Click **Save** to activate password protection.
32
32
33
-
Once enabled, the card displays the current password along with when and by whom it was last updated.
33
+
Once enabled, the card displays the current password(s) along with when and by whom they were last updated.
34
+
</Step>
35
+
36
+
<Steptitle="Configure RBAC (optional)">
37
+
38
+
If you set up multiple passwords with different user roles, configure [role-based access control (RBAC)](/learn/docs/authentication/features/rbac) in `docs.yml` to restrict pages and sections of your site by role.
34
39
</Step>
35
40
</Steps>
36
41
37
42
## Manage password protection
38
43
39
-
In the same dialog, you can **Reset** the password, or **Remove** the password to make your site publicly accessible.
44
+
In the same dialog, you can **Reset** the password(s), or **Remove** the password(s) to make your site publicly accessible.
40
45
41
-
<Notetitle="Roles">
42
-
All [role types](/learn/dashboard/configuration/permissions) can view the current password. Only Admins can set, reset, or remove a password.
46
+
<Note>
47
+
All [members](/learn/dashboard/configuration/permissions) can view the current password(s). Only Admins can set, reset, or remove a password.
@@ -24,10 +24,10 @@ Fern offers four ways to authenticate users on your documentation site.
24
24
25
25
## Which option should I use?
26
26
27
-
-**[Password protection](/learn/docs/authentication/setup/password-protection)** — You need quick gating with a single shared password. No per-user accounts, no setup beyond `docs.yml`.
27
+
-**[Password protection](/learn/docs/authentication/setup/password-protection)** — You need quick gating with a shared password (no per-user accounts). Supports multiple passwords mapped to roles for [role-based access control](/learn/docs/authentication/features/rbac).
28
28
-**[SSO](/learn/docs/authentication/setup/sso)** — Your team should log in with corporate credentials (Okta, Google Workspace, etc.) for internal docs or wikis.
29
-
-**[JWT](/learn/docs/authentication/setup/jwt)** — You want to integrate with your existing login system and control the entire auth flow yourself. Enables[role-based access control](/learn/docs/authentication/features/rbac) and [API key injection](/learn/docs/authentication/features/api-key-injection).
30
-
-**[OAuth](/learn/docs/authentication/setup/oauth)** — You want to integrate with your existing login system but have Fern manage the auth flow via your OAuth provider. Enables[role-based access control](/learn/docs/authentication/features/rbac) and [API key injection](/learn/docs/authentication/features/api-key-injection).
29
+
-**[JWT](/learn/docs/authentication/setup/jwt)** — You want to integrate with your existing login system and control the entire auth flow yourself. Supports[role-based access control](/learn/docs/authentication/features/rbac) and [API key injection](/learn/docs/authentication/features/api-key-injection).
30
+
-**[OAuth](/learn/docs/authentication/setup/oauth)** — You want to integrate with your existing login system but have Fern manage the auth flow via your OAuth provider. Supports[role-based access control](/learn/docs/authentication/features/rbac) and [API key injection](/learn/docs/authentication/features/api-key-injection).
31
31
32
32
JWT and OAuth share the same capabilities — the difference is who manages the auth flow. Both can be used for login-only gating, or combined with [RBAC](/learn/docs/authentication/features/rbac) and [API key injection](/learn/docs/authentication/features/api-key-injection) for granular access control and pre-filled API keys.
Copy file name to clipboardExpand all lines: fern/products/docs/pages/authentication/password.mdx
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,13 +7,13 @@ subtitle: Protect your documentation site with a shared password for simple acce
7
7
8
8
<Markdownsrc="/snippets/team-plan.mdx"/>
9
9
10
-
Password protection allows you to restrict access to your documentation site using a shared password. This is useful for pre-release documentation, internal resources, or any content you want to keep private without requiring individual user accounts.
10
+
Password protection allows you to restrict access to your documentation site using a single shared password or multiple passwords (up to three), each mapped to a role. This is useful for pre-release documentation, internal resources, or any content you want to keep private without requiring individual user accounts.
11
11
12
-
[Set up and manage password protection](/learn/dashboard/configuration/password-protection) in the [Fern Dashboard](https://dashboard.buildwithfern.com/).
12
+
[Set up and manage password protection](/learn/dashboard/configuration/password-protection) in the [Fern Dashboard](https://dashboard.buildwithfern.com/). If you set up multiple passwords for different user roles, then configure [RBAC](/learn/docs/authentication/features/rbac) to control which content different groups can access.
13
13
14
14
## How it works
15
15
16
-
When password protection is enabled, visitors to your documentation site are prompted to enter a password before they can view any content. Once authenticated, users can browse the site until their session expires.
16
+
When password protection is enabled, visitors to your documentation site are prompted to enter a password before they can view any content. Once authenticated, users can browse the site until their session expires. If multiple passwords are configured, the password entered determines the user's role and which content they can access.
17
17
18
18
<Note>
19
19
When password protection is active, search engines won't index your site.
Copy file name to clipboardExpand all lines: fern/products/docs/pages/authentication/rbac.mdx
+11-7Lines changed: 11 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,17 +6,21 @@ description: Learn how to restrict access to your documentation using role-based
6
6
7
7
<Markdownsrc="/snippets/agent-directive.mdx"/>
8
8
9
-
<Markdownsrc="/snippets/enterprise-plan.mdx"/>
9
+
<Warningtitle="Team and Enterprise feature">
10
+
Password-based RBAC is available on the [Team and Enterprise plans](https://buildwithfern.com/pricing). JWT and OAuth-based RBAC require the [Enterprise plan](https://buildwithfern.com/pricing).
11
+
</Warning>
10
12
11
-
RBAC is a feature of [JWT](/learn/docs/authentication/setup/jwt) and [OAuth](/learn/docs/authentication/setup/oauth) authentication. Once a user logs in through either method, Fern checks the [`fern_token`](/learn/docs/authentication/overview#how-authentication-works) cookie to determine their roles and controls access to pages, sections, and other navigation items accordingly.
13
+
RBAC controls access to pages, sections, and other navigation items based on user roles. It works with [password protection](/learn/docs/authentication/setup/password-protection), [JWT](/learn/docs/authentication/setup/jwt), and [OAuth](/learn/docs/authentication/setup/oauth) authentication.
12
14
13
-
RBAC is useful for partner docs, beta features, tiered access, and internal content. You can combine it with [API key injection](/learn/docs/authentication/features/api-key-injection) in a single token. When RBAC is configured, [Ask Fern](/learn/docs/ai-features/ask-fern/overview) automatically respects these permissions.
14
-
15
-
<Note>If you'd like restricted pages to be visible but locked to unauthenticated users (rather than completely hidden), let Fern know during setup.</Note>
15
+
RBAC is useful for partner docs, beta features, tiered access, and internal content. You can combine it with [API key injection](/learn/docs/authentication/features/api-key-injection) when using JWT or OAuth authentication. When RBAC is configured, [Ask Fern](/learn/docs/ai-features/ask-fern/overview) automatically respects these permissions. By default, restricted pages are completely hidden from unauthorized users — if you'd like them to be visible but locked instead, let Fern know during setup.
16
16
17
17
## Setup
18
18
19
-
To enable RBAC, follow the [JWT](/learn/docs/authentication/setup/jwt) or [OAuth](/learn/docs/authentication/setup/oauth) setup guide, then define your roles in `docs.yml`:
19
+
<Info>
20
+
RBAC is configured in `docs.yml` and managed through the [Fern CLI](/learn/cli-api-reference/cli-reference/overview). If you set up your site using the [guided UI](https://dashboard.buildwithfern.com/get-started), you'll need to work with your Fern configuration files directly instead of through the Fern Dashboard.
21
+
</Info>
22
+
23
+
To enable RBAC, first set up an authentication method — [password protection](/learn/docs/authentication/setup/password-protection), [JWT](/learn/docs/authentication/setup/jwt), or [OAuth](/learn/docs/authentication/setup/oauth) — then define your roles in `docs.yml`:
20
24
21
25
```yml docs.yml
22
26
roles:
@@ -26,7 +30,7 @@ roles:
26
30
- admins
27
31
```
28
32
29
-
Every user automatically has the `everyone` role, including unauthenticated visitors. If a user lacks the required role or isn't authenticated, Fern redirects them to your login page.
33
+
Every user automatically has the `everyone` role, including unauthenticated visitors. If a user lacks the required role or isn't authenticated, Fern redirects them to your login page. There is no limit on the number of roles you can define, unless you're using [password protection](/learn/docs/authentication/setup/password-protection), which supports up to three.
0 commit comments