StrongDM ID

Identity-Scoped Sharing

Share specific work with email-verified identity and path-scoped access.

The Problem

You want to share work with someone outside your organization. Common options trade convenience for control:

Public Link: Anyone with the URL can access it. Forward it accidentally? Too bad.
Create an Account: Friction. Another password. Another identity to manage.
Email Attachment: Version control nightmare. Data leaves your system entirely.

The Solution: ShareGrants

ShareGrants let you grant access to a path for a specific email address.

You specify an email address and a path. The recipient clicks the link, authenticates with their existing identity provider (Google, Microsoft, Apple, etc.), and receives a token scoped to exactly that path.

The recipient signs in with what they already have. Access can expire automatically.

Forward Protection

Access requires authenticating as the intended recipient. The email must match the grant.

The Recursive Demo

When you share this page with someone external, they'll authenticate via StrongDM ID using their own identity provider (Google, Microsoft, Apple). Their access will be scoped to exactly this path. They'll read about identity-scoped sharing while experiencing it.

How It Works

1. Create a ShareGrant: Specify the path, recipient email, and expiration. The grant is stored in StrongDM ID.
2. Send the Link: The recipient gets a link to your content. The link itself grants no access.
3. Recipient Authenticates: They sign in with their own identity provider. StrongDM ID verifies their email matches the grant.
4. Scoped Access Granted: They receive a token that allows access only to the specified path. Nothing else.
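
The checks behind steps 3 and 4, sketched as an added example (not StrongDM ID's code or API). `ShareGrant`, `ScopedToken`, `redeem` and `authorize` are hypothetical names, and the case-insensitive email comparison and exact-path match are assumptions about how such a check could be built.

```python
import posixpath
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class ShareGrant:  # hypothetical record: path + recipient + expiry
    path: str
    recipient_email: str
    expires_at: datetime

@dataclass(frozen=True)
class ScopedToken:  # hypothetical token bound to one identity and one path
    email: str
    path: str
    expires_at: datetime

def _norm_email(addr: str) -> str:
    return addr.strip().lower()  # assumption: addresses compare case-insensitively

def redeem(grant: ShareGrant, idp_email: str, email_verified: bool,
           now: datetime) -> Optional[ScopedToken]:
    """Step 3: issue a token only when the signed-in identity matches the grant."""
    if now >= grant.expires_at or not email_verified:
        return None  # expired grant, or address not verified by the provider
    if _norm_email(idp_email) != _norm_email(grant.recipient_email):
        return None  # link was forwarded: a different person signed in
    return ScopedToken(_norm_email(idp_email), grant.path, grant.expires_at)

def authorize(token: Optional[ScopedToken], requested_path: str, now: datetime) -> bool:
    """Step 4: the token opens the granted path and nothing else."""
    if token is None or now >= token.expires_at:
        return False
    if not requested_path.startswith("/"):
        return False
    # Collapse "." and ".." first so a traversal cannot pass as the granted path;
    # exact equality (not prefix match) keeps sibling paths out of scope.
    return posixpath.normpath(requested_path) == posixpath.normpath(token.path)

# Constructed sample data (not taken from a real grant)
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
GRANT = ShareGrant("/products/strongdm-id/sharing", "alice@example.com",
                   NOW + timedelta(days=7))

if __name__ == "__main__":
    tok = redeem(GRANT, "Alice@Example.com", True, NOW)
    print(authorize(tok, "/products/strongdm-id/sharing", NOW))           # intended recipient
    print(redeem(GRANT, "mallory@example.com", True, NOW))                # forwarded link
    print(authorize(tok, "/products/strongdm-id/sharing/../admin", NOW))  # traversal attempt
```

The link never appears in either function: possession of the URL alone changes nothing, which is the forward-protection property described above.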

Send a Share

Create a share to this page and send it to a colleague or friend. They'll authenticate and see how identity-scoped sharing works.

Create a Share

Sharing: /products/strongdm-id/sharing
CLI alternative:
make share PATH=/products/strongdm-id/sharing TO=email@example.com