Every piece of content you deploy through AI Hub does not need the same level of protection — a public-facing product demo and a confidential roadmap preview have very different audiences, and your access settings should reflect that. AI Hub gives you three access tiers that range from a fully open link anyone can click to email-verified, domain-whitelisted access you control down to the individual email address. You set the access level per session and per playlist, so each piece of content gets exactly the right amount of protection.
Open Access
Anyone with the link can view your content. No login, no password, no verification required. This is the fastest way to get content in front of a broad audience.Best for:
- Public-facing product demos on your website or landing pages
- Top-of-funnel outreach links sent via email or LinkedIn
- Conference and event demo kiosk screens
How to set Open Access:
- Open your playlist or session settings in AI Hub.
- Under Access Control, select Open.
- Publish and share the link freely.
Open Access does not mean anonymous buyers. The AI Demo Agent can still capture visitor contact details voluntarily — by asking for an email during qualification, or via the closing CTA. You are not required to enforce authentication to collect identity.
Credential-Based Access
Viewers must authenticate before they can see any content. You control the credentials and can revoke access at any time — for individual viewers or for everyone at once.Best for:
- Draft demos shared with specific prospects before a call
- Paid customer knowledge bases and onboarding portals
- Partner portals with tiered content access
- Beta or pre-launch content shared with selected accounts
How to set Credential-Based Access:
- Under Access Control, select Credential-Based.
- Choose your credential method:
| Method | How it works | When to use |
|---|
| Single shared password | All viewers use the same password to enter | Simplest setup — use for low-sensitivity content where speed matters more than individual tracking |
| Individual invite links | Each recipient gets a unique link; their identity is tracked from the moment they open it | Use when you need per-viewer analytics and the ability to revoke access individually |
| Email + password accounts | Viewers create a lightweight account with their email; you manage the approved email list | Use for ongoing portals — customer onboarding, partner enablement — where access management matters over time |
- Save and publish. Share credentials separately from the link.
Revoking access:
- Single password — change the password in settings. All existing sessions are immediately invalidated.
- Individual invite links — revoke specific links from the Viewers panel. That viewer’s link stops working instantly.
- Email accounts — deactivate individual accounts from the Viewers panel.
Verified / Whitelisted Access
Viewers verify their identity via a one-time email passcode (OTP) before accessing any content. You control who qualifies by whitelisting specific email addresses or entire email domains. No password required — verification is instant for anyone on your whitelist.Best for:
- Confidential product roadmaps shared with named enterprise accounts
- Board-level and investor content (whitelist specific personal emails)
- Sensitive internal content (whitelist your company domain)
- High-value named account content for ABM campaigns
How to set Verified / Whitelisted Access:
- Under Access Control, select Verified / Whitelisted.
- Add whitelisted entries:
- Entire domain — for example,
acmecorp.com grants access to any verified @acmecorp.com email address.
- Specific email address — for example,
cto@acmecorp.com for named individuals.
- Save and publish.
What the viewer experiences:
- They open your link and are prompted to enter their email address.
- They receive a one-time code to that email.
- They enter the code. If their email or domain is whitelisted, they gain access immediately.
- All session activity is attributed to their verified email from that point forward.
Each session, playlist, and piece of content in your workspace can have a different access tier. You are not locked into one setting across the board — your public product demo can be Open while your customer onboarding portal is Credential-Based and your enterprise roadmap is Verified / Whitelisted, all running simultaneously in the same workspace.
Enterprise access control
Enterprise plan customers have access to additional controls for environments where corporate security policies apply:
- SSO (SAML) — viewers authenticate via your organisation’s identity provider (Okta, Azure AD, Google Workspace). No separate credentials required; access is governed by your existing IAM policies.
- IP allowlists — restrict access to specific IP ranges, such as your corporate network or VPN. Useful for internal tools and sensitive internal content.
- Audit log — a full, exportable log of every access grant, access attempt, and access revocation, with timestamps and IP addresses for every event.
Contact support@demokraft.ai to enable Enterprise access control features on your workspace. 