JWT reader groups

  • Updated on Apr 8, 2025
  • Published on Feb 3, 2024
  • 2 minute(s) read
  • Janeera D A
  • Pradeep Srinivasan
  • Manoharan Soundarraj
 Prev Next

Plans supporting single sign on (SSO)

Professional
Business
Enterprise






JWT reader accounts can be associated with any existing reader groups on the Document360 project, and the group restrictions can be applied to access specific content in the knowledge base. A JWT reader group is identical to a regular Document360 reader group, inheriting the same restriction settings.

Reader groups in Document360

Reader groups act as assignable permissions that define what users can access in any private knowledge base. Readers must log in with their credentials to view private knowledge bases on Document360.

Example use case

Scenario: The sales team needs access to pricing and billing articles but should not have access to API documentation or core technical articles.

Solution:

  1. Create a reader group in the Document360 private project, granting access only to the pricing category.

  2. Assign the sales team members to this reader group.

Reader group IDs

For JWT SSO-enabled projects, users can view and obtain Reader group ID from Settings > Users and Security > Readers & groups > Reader groups tab.

  • The Group Id is displayed below each reader group.

  • A copy icon is available on the right to quickly copy the required Group Id.

  • Paste the copied Group Id into the payload to configure it.

image.png

NOTE

The reader group ID is only available for JWT-configured projects and not regular private knowledge base projects.

Enabling JWT reader groups

  1. Obtain and copy the Reader group ID by following the steps mentioned above.

  2. Use the following JSON format to configure the relevant reader group IDs:

{
  "username": "firstname + lastname",
  "firstName": "firstname",
  "lastName": "lastname",
  "emailId": "user emailId",
  "readerGroupIds": [
    "26b3812e-7879-4407-b1c9-5755c32b886a",
    "674eadcd-793f-4131-b1e0-c1f055cc83b7"
  ],
  "tokenValidity": 15 //minutes
}

The token validity (in minutes) for the JWT reader can also be set in the payload. The minimum value that can be set is 5 minutes, and the maximum value that can be set is 1440 minutes (1 day).

To add multiple group IDs, separate them with commas (,).

Example:

"readerGroupIds": ["26b3812e-7879-4407-b1c9-5755c32b886a", "674eadcd-793f-4131-b1e0-c1f055cc83b7"]

When a JWT reader authenticates and accesses the private knowledge base, the restrictions defined in their assigned reader group will automatically apply. This ensures the reader can access only the specific project versions, languages, categories, or articles permitted by the reader group's settings.

Timing of changes to reader group IDs

Changes to Reader Group IDs (additions or deletions) in the payload will take effect only after the current session (token validity) expires.

Example: If the token validity is set to 30 minutes and a new Group ID is added, the change will apply only after 30 minutes. The same applies when removing a group ID.

Related articles