Private forms | non-public links, require login, etc
under review
A
Aaron Sakievich
I want to be able to use forms internally without a public link.
Even if I don't publicize the public link it is still a security issue.
Log In
Michael Van Doorn
Hey, everyone!
Thank you for your feedback regarding Form Security. To better understand the issues you're experiencing, I would appreciate more details on your request to place Forms behind authorization, allowing only users with access to the Workspace to submit them.
Could you please clarify whether you envision this as:
- A global (Workspace-wide) setting
- A setting that is configurable on a form-by-form basis
- Other
Your insights are valuable in helping us improve the platform. Thank you!
C
Christian Johnston
THIS FEATURE IS A MUST
N
Nick Priselac
This is a critical security requirement in my mind. Information in our internal forms can be viewed by anyone and could potentially be used to inform malicious actors in phishing and other hacking attempts.
Make all forms private by default. Add a selector in the individual form controls to make a form publicly accessible.
M
Maksim Lebedev
Any update on when this feature will be available?
R
Rob Phelan
I am also looking for this feature. I am absolutely dumbfounded that this hasn't been taken up as a critical security feature. This was requested 3 years ago and has lots of user support (to say nothing of basic common sense!). PLEASE push this up!
R
Ryan Buenaventura
Hi any update on when this feature will be worked on or released?
Aaron Morley
- Forms should be private by default with an option to make a public link
- Why? Cause a lot of companies want to make internal tickets for departments. Where they can have sensitive information in the form. This is exactly the issue we are facing right now.
I hope that we can get this soon. :)
Michael Van Doorn
Merged in a post:
Require login in order to fill forms
Bartłomiej "Kucu" Jaskulski
Simple as that. You cannot use a custom field like "People form your workspace" in a form that can be viewed by anyone who gets his hands on a link to the form
Michael Van Doorn
Merged in a post:
Forms with internal links that aren't public
D
Destiny Curry
[From support ticket]
Michael Van Doorn
under review
Craig Wallace
Michael Van Doorn Forms should be private by default, with the ability to share to the entire Workspace, individual People, Teams or generate a Public link.
Natalie Williams
Craig Wallace exactly this.
James Hogg
I just stumbled onto this as we have forms that are only for users and most critically [as Bartłomiej "Kucu" Jaskulski highlights] it is extremely insecure that by adding a form my users are opening to anyone who gets that link to submit into our clickup list and see content fields like Users. Default should be private for forms and only chosen forms allowed public access.
Ideally, if a user is authenticated to app.clickup.com and visits forms.clickup.com the authentication should be acknowledged and submission be made as their user account creating the task. This authentication wrapper could easily be designed with a simple "anonymous authentication" like used in IIS for specific parts of webapp or ftp site. Thus having a per form "public" switch that can be switched on only when desired keeping most lists secure.
Currently a form is accessible at:
- https://forms.clickup.com/... public and totally insecure, and submits as ClickApp even for users already authenticated on their device
- https://app.clickup.com/.... needs authentication, but displays embedded in the Clickup app which can be noisy when when all user want is the form to have a structured submission process for task. When form used this way it submits as authenticated user, so they don't have to faff about finding their name in a Users field, or worse still entering someone else and totally confusing who really submitted the form.
Natalie Williams
James Hogg agreed.
Instead of having different sharing options why not make them the same as tasks private to you only, private to the team, shared with specific individuals, or public? Having different options for essentially the same feature adds unnecessary complexity...
Load More
→