wip

docs/guides/sharing-external.md

@@ -29,3 +29,15 @@ To share explorers with the public, follow these steps:
 2. Set `isPublished` to `true` in your explorer configuration.
 3. Trigger manual deploy from Admin (this is only needed to do once) or commit to trigger it automatically.
 4. Share your explorer with public on e.g. https://staging-site-my-branch.tail6e23.ts.net/explorers/my-explorer. -->
+
+### Sharing private work with external people
+
+If you created a private staging server with `-private` suffix, domain `https://<branch>.owid.pages.dev/` will not be available to the public. However, there's a different way how to share it only with certain external people. We'll first create it as public, but then protect it with Cloudflare Access.
+
+1. **Do not** use `-private` suffix in your branch name.
+2. Go to [Cloudflare Access -> Applications](https://one.dash.cloudflare.com/078fcdfed9955087315dd86792e71a7e/access/apps?search=) and edit application [Cloudflare Pages (owid)](https://one.dash.cloudflare.com/078fcdfed9955087315dd86792e71a7e/access/apps/edit/d8c658c3-fd20-477e-ac20-e7ed7fd656de?tab=overview)
+3. In `Overview` tab, click on `+Add domain` and use subdomain of your staging server
+4. Go to [Policies](https://one.dash.cloudflare.com/078fcdfed9955087315dd86792e71a7e/access/apps/edit/d8c658c3-fd20-477e-ac20-e7ed7fd656de?tab=policies) tab and edit [External e-mails](https://one.dash.cloudflare.com/078fcdfed9955087315dd86792e71a7e/access/apps/rules/d8c658c3-fd20-477e-ac20-e7ed7fd656de/4c7bfba1-7bca-4e7c-8a32-5a11ab5f36fe)
+5. Add e-mails of people you want to share the staging server with
+
+Once you set it up, the URL `https://<branch>.owid.pages.dev/` will be behind authentication. People with e-mails you added in the policy will be able to access it via Google or by entering their e-mail address and copying the code from the e-mail.