At times, you may need to control access to your Stories so that only a specific group of people can read your content. Turtl's Access Control settings provide granular controls to help you achieve this. 

Applying an access control policy

Navigate to the main Story listing page and use the options menu for your Story to select Settings.

Select the Access Control tab

Select the access policy to apply using the drop down menu. Available policies are:

  1. Public (default) - Anyone with the link can read your Story.
  2. Internal - Only users logged into Turtl and your Company's SSO users (if enabled) can read this Story
  3. Private - Only users logged into Turtl can read your Story.
  4. Email and password - Anyone with a login to your Company Turtl account or with a valid email and password from a pre-defined list (see below) can read your Story.

Checking that the correct policy is applied

Turtl indicates the Access Policy applied to a Story in several places to help you avoid sending a Story out with incorrect settings.

1. A status banner is shown for each Story which has a restricted access policy applied (internal, private or email and password) in the main Stories list:

2. A lock icon is displayed in the top left of the browser when an internal user accesses a Private or Email and Password protected Story. This can be hovered over to display more information:

Configuring password protection for Stories

The email and password access policy allows you to specify a list of names, email  addresses and passwords which must be used by external users before they can read your Story. 

How to apply the email and password policy:

Select email and password from the drop down menu. The following tools are presented to help you manage your list of approved users.

  1. Create authorised users by providing a name, email address and password
  2. Remove an existing user
  3. Change the password of an existing user
  4. Paste in csv data to create users in bulk
  5. Save your changes


  • Turtl never stores any passwords in plaintext, so we cannot display a user's existing password. If a user forgets their password, it must be reset using the Reset password button.
  • Email address and password are case sensitive, make sure to use capital letters where required. 

What does your reader see?

When the Email and password policy is selected , all external readers will be presented with a password challenge screen when they access your Story:

When a valid email and password combination from the list you provided is entered, your Story will be loaded as usual.

Did this answer your question?