External Access Settings

The External Access Settings feature allows you to control how organisational information is shared with external users, ensuring data privacy and security. Specifically, it determines the visibility and accessibility of person type fields (e.g., user pickers) when external users interact with a form.

Since person type fields can expose information such as names, email addresses, and other contact details, we recommend setting them to Hidden for external users unless explicitly required.

Configuring People Picker Behaviour

This setting lets you define whether person type fields are:

• Enabled – External users can view and select people from the directory.
• Disabled – External users can see the field but cannot modify it.
• Hidden – The field is completely invisible to external users.

When Do These Settings Apply?

The availability of these settings depends on whether external user features are enabled:

Example Configurations

– Hidden Setting (Recommended for Security)

• The person type field is completely hidden from external users.
• External users cannot see or interact with the field.
• Best for protecting internal user details.

Hidden setting

– Disabled Setting

• External users can see the field but cannot modify it.
• Useful when you want to display internal contacts without allowing changes.

Disabled setting

– Enabled Setting

• External users can view and select users from the directory.
• Use this only if external users need to reference or assign internal contacts.

Enabled setting

Best Practices

✔ Restrict access to sensitive information – If the form includes personal details of internal users, consider hiding the person type field.
✔ Align with organisational policies – Ensure external access settings comply with data protection and privacy policies.
✔ Test form behaviour – If external users require access to certain fields, verify settings before deployment.