Private forms | non-public links, require login, etc
under review
A
Aaron Sakievich
I want to be able to use forms internally without a public link.
Even if I don't publicize the public link it is still a security issue.
Log In
Michael Van Doorn
Hey, everyone!
Thank you for your feedback regarding Form Security. To better understand the issues you're experiencing, I would appreciate more details on your request to place Forms behind authorization, allowing only users with access to the Workspace to submit them.
Could you please clarify whether you envision this as:
- A global (Workspace-wide) setting
- A setting that is configurable on a form-by-form basis
- Other
Your insights are valuable in helping us improve the platform. Thank you!
R
Rob Phelan
I am also looking for this feature. I am absolutely dumbfounded that this hasn't been taken up as a critical security feature. This was requested 3 years ago and has lots of user support (to say nothing of basic common sense!). PLEASE push this up!
R
Ryan Buenaventura
Hi any update on when this feature will be worked on or released?
Aaron Morley
- Forms should be private by default with an option to make a public link
- Why? Cause a lot of companies want to make internal tickets for departments. Where they can have sensitive information in the form. This is exactly the issue we are facing right now.
I hope that we can get this soon. :)
Michael Van Doorn
Merged in a post:
Require login in order to fill forms
Bartłomiej "Kucu" Jaskulski
Simple as that. You cannot use a custom field like "People form your workspace" in a form that can be viewed by anyone who gets his hands on a link to the form
Michael Van Doorn
Merged in a post:
Forms with internal links that aren't public
D
Destiny Curry
[From support ticket]
Michael Van Doorn
under review
Craig Wallace
Michael Van Doorn Forms should be private by default, with the ability to share to the entire Workspace, individual People, Teams or generate a Public link.
Natalie Williams
Craig Wallace exactly this.
James Hogg
I just stumbled onto this as we have forms that are only for users and most critically [as Bartłomiej "Kucu" Jaskulski highlights] it is extremely insecure that by adding a form my users are opening to anyone who gets that link to submit into our clickup list and see content fields like Users. Default should be private for forms and only chosen forms allowed public access.
Ideally, if a user is authenticated to app.clickup.com and visits forms.clickup.com the authentication should be acknowledged and submission be made as their user account creating the task. This authentication wrapper could easily be designed with a simple "anonymous authentication" like used in IIS for specific parts of webapp or ftp site. Thus having a per form "public" switch that can be switched on only when desired keeping most lists secure.
Currently a form is accessible at:
- https://forms.clickup.com/... public and totally insecure, and submits as ClickApp even for users already authenticated on their device
- https://app.clickup.com/.... needs authentication, but displays embedded in the Clickup app which can be noisy when when all user want is the form to have a structured submission process for task. When form used this way it submits as authenticated user, so they don't have to faff about finding their name in a Users field, or worse still entering someone else and totally confusing who really submitted the form.
Natalie Williams
James Hogg agreed.
Instead of having different sharing options why not make them the same as tasks private to you only, private to the team, shared with specific individuals, or public? Having different options for essentially the same feature adds unnecessary complexity...
Natalie Williams
Here's a related thread where Michael has asked for feedback https://clickup.canny.io/feature-requests/p/require-login-in-order-to-fill-forms
Natalie Williams
Forms, clips, attachments... they all need to have the lack of security and privacy addressed.
A
Ashok Hirpara
I have used ClickUp forms for real and I tell you it is high time private Form view links are introduced. As an organization, we are deeply concerned about data privacy and security so it was a requirement that form links should be access controlled. I genuinely believe that bringing in this feature will not only possibly help us but it would also cater to many other organizations currently using ClickUp for their data collection.
This My Request to Clickup Team:Please Develop This Is Most Needful Feature And Let Our Query Ends. Not only is this easier, but also necessary for protecting the integrity and security of your data. Thanks for reviewing back the feedback, I look forward to see how you guys are able set this into a feature request in the upcoming updates!
Load More
→