Skip to main content

Workspace security

Workspace Admins can configure their workspace settings to restrict who can access and share what assets.

  • Available on Team and Enterprise plans.
  • Only workspace Admins can configure these settings.

Project sharing settings

Share projects to web

When on, users with Full Access and Can Edit project permissions will have the option to turn on Share to web at the project level. When enabled in the project, anyone with the link to the project would be able to navigate to and interact with the project.

Export apps as PDFs

When on, users with "Full Access" and "Can Edit" project permissions can include a screenshot of published apps (including data and visualizations) in scheduled run notifications. Any user with "App User" access or higher can be designated as a recipient of the email. This setting also enables any authenticated user with "App User" access to export PDFs from published apps.

When on, workspace users can embed Hex project info including individual cells or full apps in Notion. Embedded project details can be viewed by anyone with access to the Notion page. For more information, see Hex's embedding documentation.

When on, workspace users can generate a link to the Published app which includes the current inputs in the URL as query parameters. Inputs are represented as plaintext in the generated URL, so use caution if inputs include sensitive information. For more information, see Hex's publishing documentation.

Download and copy CSVs from tables

  • The ability to disable this feature for a workspace is available on the Enterprise pricing plan.

By default, Hex provides a convenient way for all users to download and copy tabular data that they have access to, including in table display cells, and when viewing data behind a chart.

By disabling this feature, users who are viewing a project will no longer be able to copy or download data. This includes viewing a published app, or a project's logic.

Note that users who are editing a project will continue to have access to this button.

Why can't I disable this functionality for users that are editing projects?

Due to the flexibility that Python cells provide, users that are editing projects are able to export data via code. Therefore, disabling the ability to download or copy data for when editing a project would not be a true safeguard against moving data outside of Hex. As such, we kept this functionality in place when editing a project.

SSO configuration

Configure Hex to allow authentication via your SSO provider. Hex currently only supports Open ID Connect (OIDC) SSO.

For other providers, view your provider's documentation for instructions.

API settings

Enable API access

When on, users will be able to configure and use tokens to access the Hex public API. Admins can specify the maximum expiration for personal access tokens created by users. For more information, see Hex's public API documentation.


Setting the maximum expiration to a lower value will revoke any existing tokens that have existed longer than the new maximum expiration.

Workspace SSH key

This key is used when configuring Data Connections to connect via SSH.