The Document Exchange sends a document to someone beyond the organisation through a tokenised link β no account needed on their side.
Before you start
- Open the document you want to share out. The unguessable token in the link is the sole credential the recipient uses.
- Decide what the recipient may do: view only, download, or upload a response.
- Decide whether the link should expire, be gated by a passcode, and whether it must be approved before it goes live.
Steps
- Open the document and choose to create an external exchange link.
- Set the Permission (required): view, download or upload a response.
- Optionally enter a Recipient email (up to 200 characters).
- Optionally set an Expiry β a date or time in the future after which the link dies. A plain date is treated as end-of-day in the organisation timezone.
- Optionally set a Passcode (between 4 and 64 characters) that the recipient must supply before the portal reveals anything.
- Optionally add a Message (up to 1,000 characters).
- To route the link through publish approval, name up to five approvers β each must hold a role in this organisation. The link only becomes reachable after sign-off.
- Create the link.
[screenshot: External share dialog with permission, expiry, passcode and approvers]
The recipient opens the link on a public portal. A wrong, expired, revoked or not-yet-published token returns a clean βnot foundβ. Where the permission allows, they can download the file or upload a response, which is constrained to the same safe file-type allowlist and size cap as internal uploads. An organisation has a cap on how many links can be active at once; creating another is refused until an existing link is revoked.
Result
An external recipient can reach exactly the document you shared, at exactly the permission you set, gated by any passcode, expiry and approval you configured β and every exchange event is audited.
