Skip to main content
All CollectionsCanny Emails
Pre-authenticated Email Links
Pre-authenticated Email Links

The article introduces Canny's pre-authenticated email link setting and how it reduces friction for user engagement.

Sara Al Mouaswas avatar
Written by Sara Al Mouaswas
Updated over 2 months ago

Overview

We are excited to introduce a new setting in Canny: pre-authenticated email links. This setting is designed to help you control your organization’s security while making it easy for users to re-access Canny from email notifications.

Pre-authenticated email links reduce friction for user engagement by allowing users to navigate back to Canny without needing to log in again. This is especially useful for end users who only occasionally visit Canny, as their sessions may have expired since their last visit.

Benefits

  • Improved Engagement: Users can easily provide feedback or interact with content in Canny through email notifications.

  • Streamlined Access: Reduces login barriers, helping users focus on sharing feedback or insights.

  • Enhanced Security Control: Allows admins to decide whether or not this streamlined access is appropriate for their organization.


How to manage your pre-authenticated links setting

To manage your pre-authenticated links setting, Owner-level admin permissions are required. Follow these steps to update your Canny settings:

  1. Go to your Security Settings.

  2. Under Email Authentication, enable or disable the pre-authenticated links setting based on your organization’s preferences.

By default, pre-authenticated links are enabled, ensuring that end users can easily engage with Canny without additional sign-in steps.


FAQ’s

What are pre-authenticated links and why does Canny use them?

Pre-authenticated links contain a unique token that automatically logs users into Canny. These links appear in Canny emails, such as:

Because most users only visit Canny when there’s an update, these links ensure a seamless path to feedback or information, even if their session has expired.

What risks exist with enabling pre-authenticated links?

While pre-authenticated links enhance accessibility, forwarding emails with these links can pose a risk of unintended access or user impersonation by the email recipient.

How are the risks mitigated?

We’ve implemented safeguards to minimize impersonation risks:

  • Session Priority: If an email is forwarded to a colleague already logged into Canny, their existing session will take precedence, and they won’t be authenticated as the original recipient.

  • Restricted Use: Pre-authenticated links apply only to end users and cannot authenticate administrators. Admin access requires a direct login.


Related Articles:

Did this answer your question?