Skip to main content

I make secure websites for virtual events which users must login to to use. Multiple clients are asking if we can but a whiteboard on a page, something like jamboard, Mural, Miro etc.. so they can do a brain storming session or whatever. I can do this with Miro embed easily… Just embed it and make it publicly accesiable to anyone with the link. Winner.

However; If someone got that embed code, copied it and posted it elsewhere, in theory ANYONE could join. Normally that’s such a small concern id ignore it, however my clients are security conscious in the extreme. So i would have to use the enterprise account to domain lock where the iframe will show. which again is fine, if expensive for what I need.

So i was wondering (other than the above enterprise ‘domain locking’ option) is there anyone who knows if I can embed the whiteboard in a way that will let users logged into my the site access the board without them having to login or create miro accounts.

The reason I dont want them to have to login is because its just friction for the user and the event needs to appear as one cohesive experience, not a mish-mash of different service. 

Hey @Daniel Cave!

 

Have you checked this developer documentation: https://developers.miro.com/docs/editable-boards-for-anonymous-users ?

It allows your users to create and embed temporary boards without registration.

There’s also domain protection, so that boards could be opened only from domain specified by you.

As an alternative, you can protect publicly available boards with passwords: https://help.miro.com/hc/en-us/articles/360014617239-Password-Protection-for-Public-Boards


In the very rare case, if domain protection was setup, would a hacker be able to insert their own iframe  with the board URL on the splash page of the website (having the same domain) and be able to join the board?


@Boris Borodyansky or @Will Bishop would you be able to address my question above?

Update: Disregard, I would need to ensure the domain as the splash page would be a different domain than once logged in.

 

Thanks,

 

John C.


Reply