Private workspaces & SSO

Make your content private by enabling SSO authentication on a workspace. Only verified users from allowed email domains can access Hubs, Bites, and Pulse feeds.

What is a private workspace?

By default, published content in a workspace is publicly accessible — anyone with the link can view it. A private workspace adds an authentication layer: visitors must sign in with an approved email domain before they can see any content.

How SSO works

When SSO is enabled on a workspace:

1. 1A visitor opens a Hub, Bite, or Pulse link.
2. 2The system checks for a valid authentication token.
3. 3If not authenticated, the visitor is redirected to a sign-in page.
4. 4The visitor signs in with their email — only allowed domains are accepted.
5. 5After authentication, the visitor is redirected back to the original content.
6. 6The authentication token is stored as a cookie for seamless future visits.

Setting up SSO

SSO setup is handled by the DemoBites team. Contact us to enable SSO on your workspace:

User experience

The sign-in process is designed to be frictionless:

• No passwords — email-based verification keeps things simple.
• Session cookies persist across visits, so returning users go straight to content.
• The sign-in page is branded with your workspace identity (logo, colors).
• Failed sign-in attempts with non-allowed domains show a clear error message.

Domain allowlisting

You control exactly which email domains can access your private workspace. Add your company domain, client domains, or partner domains:

# Allowed domains
acme.com
partner-agency.com
consulting-firm.io

Anyone with an email address at these domains can sign in. Users with emails from other domains are denied access.

Pricing

Private workspaces with SSO are available as an add-on at $25/month per workspace. This includes the full SSO authentication flow, domain allowlisting, custom-branded sign-in page, and session management.