Password Protection overview
Customize how visitors access your site using Password Protection settings available through the Netlify UI.
You can configure protection for all site deploys or only Deploy Previews and branch deploys.
SSO login support for Reviewers
The ability for Reviewers to log in to the Netlify app and collaborate on deploys using SAML SSO is currently in beta and is available on Enterprise plans.
# Password Protection options
You can restrict access to site deploys with these options:
- Protect all deploys: protect all site deploys, including production deploys, Deploy Previews, and branch deploys.
- Protect only non-production deploys: keep your production deploys open to all visitors and only protect Deploy Previews and branch deploys. Note that protecting only private deploys with Password Protection settings is only available for Enterprise plans.
Learn more about how site deploys are defined in our site deploys docs.
Once you decide which deploys you would like to protect, you can choose between basic password protection and team login protection. If you choose team login protection, you have the option to configure SSO as part of that protection.
# Who can configure Password Protection
As a Developer, you can change the Password Protection settings for your site at any time in the Netlify UI. Password Protection settings configured for a specific site will override any default Password Protection settings configured for your team.
As a Team Owner, you can configure the default Password Protection settings for all sites on your team. Individual Password Protection settings will take precedence over team settings. If you configure default Password Protection for site deploys on your team, this becomes the baseline protection for all of your sites.
# Basic protection versus team protection
Password Protection allows you to protect your site with basic protection or team protection.
If you set up basic protection for a site deploy, a visitor to your site deploy will find a generic password prompt. They must know and enter a shared password to access the site deploy.
If you set up team protection for a site deploy, a visitor to your site deploy will find a Netlify team login prompt. They must be a member of your Netlify team and log in using the same credentials they use to access the Netlify app.
Basic protection | Team protection |
---|---|
![]() | ![]() |
Universal password required to access site deploy | Unique password and username required to access site deploy |
Password set by a Developer or Team Owner | Username and password set through your Netlify team login configuration |
No SSO support | Supports SSO through an identity provider |
Anyone can use your basic password to access a site deploy | Only members of your Netlify team can use your team login to access a site deploy Invite unlimited Reviewers to access your site Note that Git Contributors cannot access your site with team protection |
# Protect your site with single sign-on (SSO)
To protect your site with SSO protection through an identity provider, you must first set up Organization SSO or Team SSO.
Next, you need to configure Password Protection with the team login protection option.
You can protect either all site deploys or just Deploy Previews and branch deploys.
If you want to require SSO login for your site, you must configure Organization or Team SSO with the Only SSO allowed (strict) option.
SSO auth tokens expire after 1 hour
When a team member uses SSO to log in to your site, the authorization lasts for 1 hour. While this timeout is meant to enhance your security, it can be inconvenient if your use cases involve long sessions.
For this reason, we provide a Netlify-Site-Protection-Expires-In
response header for sites with SSO protection. That header indicates the number of seconds remaining until the auth token used for the request expires. You can use this information to proactively refresh pages before they start to return a 401
during a long session.
# Configure default Password Protection for your team
Customize Password Protection for your team with either a basic password or Netlify team login. As a Team Owner, you can customize the default Password Protection settings for all sites owned by your team.
Default Password Protection settings apply to all new sites and all existing sites that don’t have their own custom Password Protection settings configured. This allows you to customize Password Protection for a specific site.
# Protect your sites with a basic password
To set a default Password Protection setting for sites owned by your team:
For your team, go to
.Select Configure Password Protection.
To require site visitors to enter a basic password for all new sites and existing sites without custom Password Protection, choose Basic protection. Enter the custom password. You will need to share this password for site visitors to access the impacted site deploys.
Choose the scope of your default Password Protection:
- To only protect site deploys that are not on your production branch, such as Deploy Previews and branch deploys, select Non-production deploys only.
- To protect both production and non-production site deploys, select All deploys.
To confirm, select Save.
# Protect your sites with Netlify team login
To set a default Password Protection setting for sites owned by your team:
For your team, go to
.Select Configure Password Protection.
To require site visitors to use their Netlify login credentials to access your site, choose Team protection. Visitors must be a member of your Netlify team for this option.
Who counts as a Netlify team member for team login protection?
Team login protection applies to Developers, Team Owners, and Billing Admins only. Git Contributors will not be able to log in to your site deploys that are protected with team login protection.
Choose the scope of your default Password Protection:
- To only protect site deploys that are not on your production branch, such as Deploy Previews and branch deploys, select Non-production deploys only.
- To protect both production and non-production site deploys, select All deploys.
To confirm, select Save.
# Configure Password Protection for a single site
Customize Password Protection for a specific site’s deploys with either a basic password or Netlify team login.
# Protect your site with a basic password
Basic password protection allows you to quickly protect your site deploys with a single shared password. When you configure basic password protection for a specific site, all site members can change or remove this password at any time.
All site visitors will be required to enter this password to access a site deploy, including team members who can manage your site deploy’s settings in the Netlify app.
To protect your site with basic password protection:
In the Netlify UI, navigate to your site and go to
.Select Configure Password Protection.
If a Team Owner has configured default Password Protection settings on your team, then you can choose to keep the default Password Protection settings that are listed in the Netlify UI or you can select Customize this site’s protection settings.
To set a password that anyone can use to access your site, choose Basic protection, and enter the required password for all site visitors.
Choose the scope of basic password protection for your site:
- To only protect site deploys that are not on your production branch, such as Deploy Previews and branch deploys, select Non-production deploys only.
- To protect both production and non-production site deploys, select All deploys.
To confirm, select Save.
# Protect your site with Netlify team login
Team login protection is ideal for internal sites or for Deploy Previews and branch deploys that should remain private and for internal preview only.
Team login protection for your site allows you to restrict access to only members of your Netlify team. Team members must log in to your site using the same login credentials they use to access the Netlify app.
Once team login protection is configured, only Team Owners, Developers and Billing Admins can access the protected site deploys.
To protect your site with Netlify team login protection:
In the Netlify UI, navigate to your site and go to
.Select Configure Password Protection.
If a Team Owner has configured default Password Protection settings on your team, then you can choose to keep the default Password Protection settings that are listed in the Netlify UI or you can select Customize this site’s protection settings.
To allow team members to access your site with their Netlify team login credentials, choose Team protection.
Who counts as a Netlify team member for team login protection?
Team login protection applies to Developers, Team Owners, and Billing Admins only. Git Contributors will not be able to log in to your site deploys that are protected with team login protection.
Choose the scope of team login protection for your site:
- To only protect site deploys that are not on your production branch, such as Deploy Previews and branch deploys, select Non-production deploys only.
- To protect both production and non-production site deploys, select All deploys.
To confirm, select Save.
Did you find this doc useful?
Your feedback helps us improve our docs.