Knogin
[Developers]

Collaboration External Sharing: Secure Guest Access & Collaboration Platform

Sharing a sensitive operational briefing document with an external legal counsel or a partner agency should not involve attaching it to an email and hoping for the best. The External Sharing module replaces that approach

Back to All Modules
Category: CollaborationLast Updated: Feb 5, 2026
collaborationcompliance

Overview#

Sharing a sensitive operational briefing document with an external legal counsel or a partner agency should not involve attaching it to an email and hoping for the best. The External Sharing module replaces that approach with controlled sharing that has a clear audit trail, an expiry date, and revocation capability if circumstances change.

Whether the context is a financial crime investigation involving a third-party forensic firm, a border security operation requiring coordination with a foreign liaison, or a legal matter involving external counsel, this module provides the security controls to collaborate without losing governance. Sharing is scoped to the user's organisation, and every access event is logged. Guest access can be restricted by IP range, device posture, or geography for high-sensitivity scenarios.

Key Features#

  • Granular Guest Access: Support multiple guest types, from anonymous link access to fully registered external collaborators, each with appropriate security controls and access boundaries.
  • Permission Controls: Set view-only, comment, or edit permissions for shared content, with the ability to restrict downloads, enforce watermarking, and control printing.
  • Automatic Expiration: Shared links and guest access automatically expire after configurable time periods, eliminating the risk of indefinite external access to sensitive materials.
  • Password Protection: Add password requirements to shared content for an additional security layer when sharing sensitive materials with external parties.
  • Real-Time External Collaboration: External users can work alongside internal teams with full activity tracking, audit logging, and permission enforcement.
  • Branded Guest Portals: Customisable client-facing portals with organisation branding, custom domains, and professional presentation for a polished sharing experience.
  • Device and IP Restrictions: Restrict access to approved devices, IP address ranges, and geographic locations for high-security sharing scenarios.
  • Complete Audit Trail: Track every external access, download, view, and interaction with shared content for security monitoring, compliance, and governance purposes.
  • Legal Terms Acceptance: Require external users to accept terms of use, confidentiality agreements, or other legal terms before accessing shared content.
  • Revocation Controls: Instantly revoke external access to any shared content, with immediate effect across all access methods and devices.

Use Cases#

Client Deliverable Sharing#

Professional services firms share project deliverables with clients through branded portals, providing a professional experience with controlled access, automatic expiration, and download tracking for engagement management.

Partner Agency Coordination#

Joint investigations and partnership projects across financial crime networks or border security operations use external sharing to coordinate across organisational boundaries while maintaining clear data governance, access controls, and audit trails for each participating organisation.

Secure Document Review#

Legal teams share sensitive documents with external counsel, expert witnesses, or opposing parties through password-protected, time-limited links with download tracking, watermarking, and revocation capability.

Vendor Collaboration#

Procurement and supply chain teams collaborate with vendors on documents, specifications, and contracts within secure shared workspaces with appropriate access boundaries and activity monitoring.

Board and Investor Communication#

Organisations share board materials, financial reports, and investor updates through secure portals with access controls, download tracking, and automatic expiration aligned with meeting schedules.

Workflows#

External Content Sharing#

  1. Select content to share and choose the sharing method: link, guest invitation, or portal access.
  2. Configure permissions, expiration dates, password protection, download restrictions, and any access conditions.
  3. Optionally add legal terms acceptance requirements for the shared content.
  4. Send the share invitation or link to external recipients through email or direct communication.
  5. Monitor access activity through the audit trail and manage sharing settings throughout the sharing period.

Guest Portal Setup#

  1. Create a branded guest portal with organisational branding, custom domain, and professional layout.
  2. Define the content structure, navigation, and access permissions for external users.
  3. Invite external collaborators with role-appropriate access levels and authentication requirements.
  4. Manage ongoing guest access with periodic access reviews, activity monitoring, and automatic expiration enforcement.
  5. Review portal analytics to understand usage patterns and optimise the external collaboration experience.

Access Review and Revocation#

  1. Review the list of active external shares with access details, last activity dates, and expiration schedules.
  2. Identify shares that are no longer needed, have exceeded their intended duration, or pose security concerns.
  3. Revoke access immediately or adjust permissions and expiration dates as needed.
  4. Revocation takes effect instantly across all access methods, with notification to affected external users if configured.

Integration#

  • Programmable API Access: Manage external sharing settings, guest access, and portal configurations programmatically for integration with CRM and partner management systems.
  • Single Sign-On: Support SSO integration for partner organisations to simplify external user authentication and reduce credential management overhead.
  • Compliance Platforms: Feed sharing activity data into compliance monitoring systems for data governance oversight and regulatory reporting.
  • Communication Tools: Send sharing invitations, access notifications, and expiration reminders through email and messaging platform integrations.

Open Standards#

  • JSON Web Token (JWT) / RFC 7519 with RS256 (RFC 7518): Sharing portal access tokens are issued as asymmetrically-signed JWTs using RS256, with bound audience and issuer claims to prevent token impersonation across contexts.
  • SAML 2.0 / OpenID Connect (OIDC): Federated SSO for partner agencies supports both SAML and OIDC identity providers, enabling external collaborators to authenticate via their own organisation's identity infrastructure.
  • OAuth 2.0 Bearer Token Usage (RFC 6750): Sharing portal API routes accept guest credentials via the standard HTTP Authorization: Bearer scheme, consistent with OAuth 2.0 resource server conventions.
  • PBKDF2-HMAC-SHA-256 (RFC 8018): One-time passwords and invitation secrets are hashed using PBKDF2-HMAC-SHA-256 at a minimum of 600,000 iterations, aligned with OWASP 2023 password storage guidance.
  • Traffic Light Protocol (TLP): Sharing policy classification ceilings use TLP markings (TLP_GREEN, TLP_AMBER, TLP_RED) to govern what data sensitivity may be disclosed to external recipients.
  • 28 CFR Part 23: Cross-agency shares involving criminal intelligence data enforce 28 CFR Part 23 compliance documentation requirements, including source reliability and content validity codes.
  • GraphQL (June 2018 Specification): The sharing and collaboration capabilities are exposed through a GraphQL API, supporting typed queries and mutations for token management, session handling, and audit retrieval.
  • WebSocket (RFC 6455): Real-time collaboration features use WebSocket connections to deliver presence awareness, typing indicators, and activity broadcasts to concurrent internal and external users.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.