Is it possible to require one-time registration (email) before accessing a shared link (for external users)?

ℹ️ Support
,
1

Hi everyone,

I’d like to share files or folders with external users (like customers) using a Nextcloud share link, but with an extra layer of access control.

What I’m trying to achieve:

I want users who don’t yet have an account in our Nextcloud to be able to:

  1. Click a shared link.
  2. Be prompted to register once with their email address.
  3. After registering, they can access the content of that specific shared folder.

Important:

  • I don’t want public access via anonymous links.
  • I also don’t want general public registration enabled on the Nextcloud instance.
  • The registration should be only triggered by clicking the share link.
  • It would be great if these users get a kind of limited “guest” account just for this share.

My setup:

  • Nextcloud version: 31.0.2
  • Self-hosted
  • I have admin access

I’ve come across the Registration and Guests apps, but I’m not sure how (or if) they can be combined to offer this kind of limited, invite-based external access.

Is there any way to set this up?
Has anyone implemented a similar workflow?

Thanks so much in advance for any hints or ideas! :pray:

2

I think you must use the Guests app. With the guest app, however, you as the person sharing the files specify the guest yourself when sharing. You must select the correct option when sharing. First insert the email and then use “Invite Guest”. Watch the video.

If you do not share anything with the users afterwards, they will no longer receive any data. you can also delete the users.

You can also take a look at the Secrets app. You could, for example, first send the password via Secrets. Not password in the app. The password is in the text field of the app. Wait for confirmation, e.g. by e-mail or telephone, that the link (password in the text) has been read. Only one person can read it (burn-after-reading). Then send the Nextcloud share url protected by the password via e.g. insecure e-mail. If the person passes on the link including password or the data itself to third parties, there is of course nothing you can do.