Only Workspace Owner, Admin, and Editor roles have the permissions to create and publish Web Apps. For details on each member’s permissions, please refer to Member Permission Management.
Modify Web App Access Permissions
Modify Web App access permissions through the following entries:- Access the Studio page and click Web App Access Permissions in the menu at the bottom right corner of the application.
- Enter the Web App editing page and click Web App Access Permissions in the menu button at the top left corner.
- Enter the Web App editing interface and click the Publish button in the top right corner. Select Web App access permissions in the Who can access web app area.
All Members Within Platform
For internal users, i.e., members within Dify Enterprise need to pass internal user identity authentication when accessing Web App links. For detailed configuration instructions, please refer to Internal User Authentication.Only members who have joined Dify Enterprise can access the Web App. When accessing the application link, a login verification page will pop up. Users can use account and password, account and verification code, or SSO authentication, and can access the Web App after passing verification.
If Web App SSO settings were enabled in Dify Enterprise versions earlier than 2.8.x, after upgrading to v2.8.x, the current Web App’s access permission scope will be automatically set to Authenticated External Users.After enabling this option, users can access the application by visiting the Web App URL or in the Explorer page of the workspace.
Specific Members Within Platform
For internal users, i.e., members within Dify Enterprise. Users need to pass internal user identity authentication when accessing Web App links. For detailed configuration instructions, please refer to Internal User Authentication.Default permission option when creating a new Web App, restricting the Web App to only specific group members within the team. For example, a Web App created by the “Sales Department” containing sensitive sales data is only open to members within the Sales Department. If you select this permission option but have not yet added any groups or members, the Web App is in a state where no one can access it. Configuration Methods:
- Allow Specific Groups to Access
- Allow Specific Members to Access
When selecting specific groups or members for access but no groups or members have been added yet, the Web App is in a state where no one can access it, and operations such as generating Web App access links and obtaining Web App embed codes cannot be performed.
Workspace Owner, Admin, and Editor have permissions to access and edit all Web Apps within the Workspace. However, please note that if the Owner or Admin is not added to the Web App’s “Specific Members Within Platform” list, they still cannot access the Web App through online links.
Authenticated External Users
For external users, i.e., members outside Dify Enterprise. To learn how to configure SSO for external members, please refer to Web App External User Authentication.After selecting this option, users outside the Dify Enterprise platform will be required to pass SSO authentication when accessing Web App links. Enterprise administrators can uniformly monitor and manage external users through third-party identity providers (IdP), keeping them isolated from member data within Dify Enterprise. Common Configuration Scenarios:
- Large enterprises: Only IT department personnel need to join Dify Enterprise for application orchestration. After publishing applications, they are used by employees in other departments without requiring everyone to join Dify Enterprise.
- External suppliers: Providing AI-driven services to external partners, such as partner intelligent training assistants, knowledge base Q&A, etc.
- Product consultation platform: Providing intelligent product introductions and technical support to potential customers.
If you find a disable reminder appears on the right side of this option, please contact the system administrator to go to the admin backend and check whether Web App external user SSO authentication has been configured and enabled. For detailed instructions, please refer to Web App External User Authentication.
Anyone
This option will allow any user who obtains the internet link to access the Web App without requiring an authentication process. It is usually suitable for publicly demonstrated Web Apps, customer-facing services, or public resources.Accessing Web App
Team members can view and access all Web Apps that are open to them within the enterprise on the Explorer page.
Other Web App Publishing Options
After completing Web App permission configuration, you can also use the following features in the Web App publishing panel:Embed in Website
Get embed code to embed the Web App into other websites.
Frequently Asked Questions
Do I need to republish the Web App for permission changes to take effect?
No. Permission changes take effect immediately without needing to republish the Web App. However, please note that the current sessions of members who have already obtained access permissions will not immediately become invalid and may need to wait for the session to expire before the new Web App permission settings take effect.How to ensure that only specific members can access my Web App?
You can select the “Specific Groups or Members” option and then add the members you need to grant access permissions to.How to check who has permission to access my Web App?
You can view the list of groups and members who currently have access to the Web App in the Who can access web app option on the Web App’s publishing page.How to choose the appropriate permission mode?
It is recommended to choose according to the following principles:- Internal collaboration tools: Choose “All Members Within Platform”
- Department-specific Web App: Choose “Specific Members Within Platform”
- Customer service Web App: Choose “Authenticated External Users”
- Public demonstration: Choose “Anyone” (please use with caution)