External link policy
External links let users share files with people who don't have ScaiDrive accounts. Useful — and a common source of compliance pain. The admin console gives you global controls to keep external sharing in check.
Storage → External Links and System → Settings → Sharing are the two places this is configured.
Global controls
System → Settings → Sharing:
| Setting | Effect |
|---|---|
| External sharing allowed | Global kill-switch. Off → no user can create any external link, anywhere. |
| Default link permissions | What's pre-selected when a user creates a link (view-only vs view+download). |
| Require password | Force every new link to have a password. |
| Require expiry | Force every link to have an expiry date; cap the max expiry days. |
| Allowed link types | View, download, upload-only — disable the ones you don't want. |
| Allowed audiences | "Anyone with the link", "Anyone with an allowed email", or both. |
| Allowed IPs / blocked IPs | Global allow/block list applied on top of per-link lists. |
| Cap download count | Hard ceiling on the max download-count per link. |
When a user creates a link, the dialog reflects these constraints — required fields are starred and options outside policy are disabled with a hover explainer.
Per-share overrides
Each share can override the global policy (Storage → Shares → share detail → External sharing). Useful for high-sensitivity shares where you want a tighter policy than the org default. Common patterns:
- Finance share: external sharing disabled entirely.
- Customer-facing share: external sharing allowed but capped at 30-day expiry and password required.
- Marketing share: external sharing allowed with default settings.
A sensitivity label that blocks external sharing takes precedence over both the global policy and the per-share override.
Reviewing existing links
Storage → External Links lists every active link in the system:
| Column | What |
|---|---|
| Resource | File / folder / share the link points to |
| Created by | User who made it |
| Type | View / download / upload |
| Audience | Anyone / email allowlist / IP allowlist |
| Created / Expires | Lifecycle |
| Access count | Total accesses to date |
| Status | Active / expired / revoked |
Filters: by share, by creator, by audience type, by expiry window ("expiring this week"). Bulk Revoke kills selected links immediately — useful when a user departs or an audit turns up something problematic.
Forensics
Click any link for a per-access log: timestamp, IP, country (from IP), user-agent, what action was performed (download, preview, password-entry-failed). This data also flows into the Audit Log and to your SIEM.
If you find a link being accessed from unexpected IPs, Revoke kills it and the access trail stays in the audit log forever.
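One way to triage the per-access log once it reaches your SIEM, as an added example that is not ScaiDrive code. The event field names, the expected network range and the failure threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events; field names are assumptions, not ScaiDrive's schema.
# The action values are the ones the per-access log is described as recording.
EVENTS = [
    {"ts": "2024-05-01T09:00:02Z", "link": "lnk-A", "ip": "198.51.100.7", "action": "preview"},
    {"ts": "2024-05-01T09:01:10Z", "link": "lnk-A", "ip": "198.51.100.7", "action": "download"},
    {"ts": "2024-05-02T02:14:00Z", "link": "lnk-B", "ip": "203.0.113.50", "action": "password-entry-failed"},
    {"ts": "2024-05-02T02:14:05Z", "link": "lnk-B", "ip": "203.0.113.50", "action": "password-entry-failed"},
    {"ts": "2024-05-02T02:14:09Z", "link": "lnk-B", "ip": "203.0.113.50", "action": "password-entry-failed"},
    {"ts": "2024-05-02T02:14:30Z", "link": "lnk-B", "ip": "203.0.113.50", "action": "download"},
    {"ts": "2024-05-03T11:00:00Z", "link": "lnk-C", "ip": "192.0.2.9", "action": "preview"},
]
EXPECTED_NETS = [ip_network("198.51.100.0/24")]  # assumed range of the intended recipient
MAX_FAILURES = 3                                  # assumed alerting threshold


def review_links(events, expected_nets=EXPECTED_NETS, max_failures=MAX_FAILURES):
    """Return {link: sorted reasons} for links that deserve review or a Revoke."""
    failures = defaultdict(int)   # (link, ip) -> failed password entries so far
    findings = defaultdict(set)
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["link"], e["ip"])
        if e["action"] == "password-entry-failed":
            failures[key] += 1
            if failures[key] >= max_failures:
                findings[e["link"]].add("repeated password failures from " + e["ip"])
            continue
        # Anything else is a successful access (preview, download, ...).
        if not any(ip_address(e["ip"]) in net for net in expected_nets):
            findings[e["link"]].add("access from unexpected IP " + e["ip"])
        if failures[key] >= max_failures:
            findings[e["link"]].add(e["action"] + " after password failures from " + e["ip"])
    return {link: sorted(reasons) for link, reasons in findings.items()}


if __name__ == "__main__":
    for link, reasons in review_links(EVENTS).items():
        print(link, "->", "; ".join(reasons))
```

A successful download that follows a run of failed password entries from the same IP is the finding to act on first, since it suggests the password was guessed rather than shared.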
Auto-expiry
A nightly job removes link records older than your expired link retention (System → Settings → Retention). By default, expired links are kept for 90 days for audit purposes, then deleted.
Access logs survive even after the link record is gone — they're part of the audit-event store, not the link table.
Common policies
A few patterns that work well:
Strict (regulated industries):
- Require password on every link.
- Cap max expiry to 7 days.
- Require email allowlist (no anonymous links).
- Hold sensitivity-labelled "confidential" content to internal-only.
Default (most companies):
- Allow anonymous links but cap at 30-day expiry.
- Require password for upload links.
- Allow per-share overrides.
Open (internal-only orgs, no external collaboration):
- Disable external sharing globally.
- Users still get the internal [share file] UX, which uses share membership instead.
What's next
- Compliance policies — sensitivity labels and DLP.
- Audit and activity — track link usage.