Access Control

Configure site auth, public paths, protected groups, and claims mapping in docs.json.

Enable site auth

json
{  "auth": {    "enabled": true,    "provider": "better-auth",    "loginUrl": "https://app.example.com/login",    "publicPaths": ["/", "/quickstart", "/api"],    "jwksUrl": "https://app.example.com/.well-known/jwks.json"  }}

Use site auth when parts of the docs must stay customer-only, partner-only, or internal.

Restrict by groups

json
{  "auth": {    "enabled": true,    "groups": {      "enterprise": {        "label": "Enterprise",        "pages": ["sso", "rbac", "audit-logs"]      }    },    "claimsMapping": {      "groups": "groups",      "email": "email"    }  }}

This lets you gate whole sections without scattering auth checks across individual pages.

Practical guidance

What should stay public?

Keep onboarding, product overview, and at least one integration path public so prospects and evaluators can self-serve.

What should be gated?

Put enterprise-only controls, internal operations runbooks, and customer-specific deployment docs behind auth.

How does this relate to preview access?

Preview access is deployment-level protection. auth is site behavior. Many teams use both.

Was this page helpful?

Previous Assistant & AI

Next Add-ons & Integrations

Enable site auth

Restrict by groups

Practical guidance

Related pages