Skip to main content
The Tightknit companion site supports two access modes: Public Access and Restricted Access. When you enable restricted access, visitors must sign in to view your site content.

โ€‹
Access Control Options

โ€‹
Public Access

  • All pages are publicly accessible to anyone on the internet
  • No login required
  • Content is discoverable by search engines
  • Perfect for public communities and open knowledge sharing

โ€‹
Restricted Access

  • All pages require authentication
  • Only members of your Slack workspace can access the site
  • Content is private and not indexed by search engines
  • Ideal for internal teams and private communities

โ€‹
Enabling Authentication

To enable restricted access for your companion site:
  1. Go to the Tightknit app home in Slack
  2. Navigate to the Companion Forums Site module
  3. Click General to open the site settings
  4. Under Site Access Control, select ๐Ÿ”’ Restricted Access - login required
  5. Save your changes
Site Access Control Modal

โ€‹
Supported Login Methods

When authentication is enabled, visitors can sign in using:
  • Google Account - Sign in with any Google account
  • Slack Account - Sign in with a Slack account thatโ€™s a member of your workspace
Both login methods are secure and use industry-standard OAuth 2.0 authentication.

โ€‹
Limitations

โ€‹
Google Groups and Aliases

Google Sign-in does not support email aliases, Google Groups, or other distribution list emails. OAuth authentication requires individual user accounts, not shared or group email addresses.
If a user attempts to sign in with a Google Group email (e.g., [email protected]) or a distribution list, the authentication will fail. Users must sign in with their personal Google account.
Examples of unsupported email types:

โ€‹
Session Management

Once signed in, users remain authenticated for 7 days. After this period, theyโ€™ll need to sign in again to access restricted content. Sessions are automatically refreshed when users are active on the site. If a user accesses the site within 24 hours of their last activity, their session is extended for another 7 days. This means active users wonโ€™t be logged out unexpectedly during normal use.

โ€‹
Security Features

  • Secure Cookies - All authentication cookies are encrypted and secure
  • HTTPS Only - Authentication only works over secure connections
  • Session Timeout - Automatic logout after 7 days of inactivity
  • OAuth 2.0 - Industry-standard authentication protocol
  • Token Encryption - OAuth access tokens and refresh tokens are encrypted at rest in the database to protect against unauthorized access if the database is compromised

โ€‹
Troubleshooting

โ€‹
Users Canโ€™t Sign In

  • Ensure the user using a supported browser
  • Check that they have a valid Google or Slack account
  • Verify the user a member of your Slack workspace (for Slack login)

โ€‹
Session Issues

  • Clear browser cookies and try again
  • Check that the site is using HTTPS
  • Ensure cookies are enabled in the browser

โ€‹
Access Denied

  • Confirm the user is a member of your Slack workspace
  • Check that the site access control is set to โ€œRestricted Accessโ€
  • Verify the user completed the full OAuth flow